Soma-notes - User contributions [en]

SystemsSec 2016W Lecture 19

2016-04-06T18:55:17Z

Gilbertls: /* Reading: Thermal Covert Channels */

===Data Compression===
• Compression and encryption can mess with each other
• People can reconstruct VoIP depending on how it was compressed

===Reading: Data Compression In Network Services===
• Our paper was talking about “zip bombs” and they are everywhere
o Compressed archive is trivial to send to a server, but it is computationally demanding on the receiving server to process
o The decompression ties up resources
o Can be used against an anti-virus, scan a zip file which decompresses and fills up memory so much it crashes
o Attack uses lots of spaces, repeat the same data over and over
o How do you make a zip bomb, without blowing yourself up?
- Hand craft it or you only have to do it once and can then send it multiple times (do hard work once VS server must do it multiple times).
• Did they report every piece of software they tested?
o They did web, chat, and email (IMAP), but not SMTP...?
o Probably because the results of SMTP wouldn't be interesting.
- SMTP have spam filters and AV, so they could be vulnerable.
- But email has been under attack for so long that email servers have been hardened over the years because of constant attacks.
• DOS hasn't been used on the web as much because it is usually easy to counter thanks to the service providers.
• Wasn't crazy scientific did not quantify the issue and the potential damage that could be done.
o Instead just affirmed there was an issue.
o Paper was published because the issue was not well recognised. Was published last August...
• Denial of Service
o Web servers
- Web servers are under attack all the time. There are many resources and tools on how to mitigate DOS attacks against a web server.
- How do you stop your web server from dying when web traffic gets a spike?
• Use a content distribution network to mirror your content. Good for static content. Works okay for dynamic content.
• If you are offering a service you have to build it to scale properly so it can run new instances to deal with the load.
o Chat server
- Chat server goes down. You can just use another one.
o IMAP (private email server)
- IMAP is attacked. You can't access email on that specific email client.
• Compression is just one way to do DOS, there are many more.
o Amplification attacks: Send packet to a public server that then sends multiple to a specific target.
o Create Multiple Connection: In a SYN flood attack we send SYN packets to a TCP server to tie up resources by creating excessive connections.
o etc...
• This paper is really about resource management.
o Right way to defend against this is to limit resources appropriately.

===Reading: Thermal Covert Channels===

• Not about attacking a system, but about exfiltrating data
o IP over thermometers
• Covert Channel: data stream that people do not know about
• Why do we worry about these?
o Data is either escaping or entering without our knowing.
o Covert channels that people care about are usually ones that go through something that shouldn't be possible or channels that have high bandwidth.
o How big is it? How much data can you pass through it?
- ~12 bits per second
• Why is this paper interesting?
o The cloud
o If processes share the same core, it is possible to get information from another process just from sharing that core
o Temperature patterns can leak hash data
o Get secret key from another machine through the temperature of a shared core
o To keep secrecy put each machine on its own core
• How usable is this threat?
o ~12 bits per second
o In the cloud, if it is CPU intensive than it is hard to use, however the machines don't usually do CPU intensive tasks all the time
o Is a real covert channel, but not very useful right now for an attack
o Very hard to get a secret key using this
o In the future with higher resolution thermal sensors, the attack may be much more practical
o Most people should not worry about this sort of attack. There are so many other ways that an attacker can compromise you.

===IPhone case===

• The FBI dropped the case, the excuse they gave was that they did not need their help and had another way to do it
• A lot of people were against Apple in the polls.
o A large amount of the population do not know the importance of encryption
o Do not understand that a backdoor can both be abused by the government and other attackers
• In Paris attacks there was no encryption used, they used burner phones instead

SystemsSec 2016W Lecture 19

2016-04-06T18:55:00Z

Gilbertls: /* Thermal Covert Channels */

===Data Compression===
• Compression and encryption can mess with each other
• People can reconstruct VoIP depending on how it was compressed

===Reading: Data Compression In Network Services===
• Our paper was talking about “zip bombs” and they are everywhere
o Compressed archive is trivial to send to a server, but it is computationally demanding on the receiving server to process
o The decompression ties up resources
o Can be used against an anti-virus, scan a zip file which decompresses and fills up memory so much it crashes
o Attack uses lots of spaces, repeat the same data over and over
o How do you make a zip bomb, without blowing yourself up?
- Hand craft it or you only have to do it once and can then send it multiple times (do hard work once VS server must do it multiple times).
• Did they report every piece of software they tested?
o They did web, chat, and email (IMAP), but not SMTP...?
o Probably because the results of SMTP wouldn't be interesting.
- SMTP have spam filters and AV, so they could be vulnerable.
- But email has been under attack for so long that email servers have been hardened over the years because of constant attacks.
• DOS hasn't been used on the web as much because it is usually easy to counter thanks to the service providers.
• Wasn't crazy scientific did not quantify the issue and the potential damage that could be done.
o Instead just affirmed there was an issue.
o Paper was published because the issue was not well recognised. Was published last August...
• Denial of Service
o Web servers
- Web servers are under attack all the time. There are many resources and tools on how to mitigate DOS attacks against a web server.
- How do you stop your web server from dying when web traffic gets a spike?
• Use a content distribution network to mirror your content. Good for static content. Works okay for dynamic content.
• If you are offering a service you have to build it to scale properly so it can run new instances to deal with the load.
o Chat server
- Chat server goes down. You can just use another one.
o IMAP (private email server)
- IMAP is attacked. You can't access email on that specific email client.
• Compression is just one way to do DOS, there are many more.
o Amplification attacks: Send packet to a public server that then sends multiple to a specific target.
o Create Multiple Connection: In a SYN flood attack we send SYN packets to a TCP server to tie up resources by creating excessive connections.
o etc...
• This paper is really about resource management.
o Right way to defend against this is to limit resources appropriately.

===Reading: Thermal Covert Channels===

• Not about attacking a system, but about exfiltrating data
o IP over thermometers
• Covert Channel: data stream that people do not know about
• Why do we worry about these?
o Data is either escaping or entering without our knowing.
o Covert channels that people care about are usually ones that go through something that shouldn't be possible or channels that have high bandwidth.
o How big is it? How much data can you pass through it?
- ~12 bits per second
• Why is this paper interesting?
o The cloud
o If processes share the same core, it is possible to get information from another process just from sharing that core
o Temperature patterns can leak hash data
o Get secret key from another machine through the temperature of a shared core
o To keep secrecy put each machine on its own core
• How usable is this threat?
o ~12 bits per second
o In the cloud, if it is CPU intensive than it is hard to use, however the machines don't usually do CPU intensive tasks all the time
o Is a real covert channel, but not very useful right now for an attack
o Very hard to get a secret key using this
o In the future with higher resolution thermal sensors, the attack may be much more practical
o Most people should not worry about this sort of attack. There are so many other ways that an attacker can compromise you.

'''IPhone case'''

• The FBI dropped the case, the excuse they gave was that they did not need their help and had another way to do it
• A lot of people were against Apple in the polls.
o A large amount of the population do not know the importance of encryption
o Do not understand that a backdoor can both be abused by the government and other attackers
• In Paris attacks there was no encryption used, they used burner phones instead

SystemsSec 2016W Lecture 19

2016-04-06T18:54:47Z

Gilbertls: /* Data Compression In Network Services */

===Data Compression===
• Compression and encryption can mess with each other
• People can reconstruct VoIP depending on how it was compressed

===Reading: Data Compression In Network Services===
• Our paper was talking about “zip bombs” and they are everywhere
o Compressed archive is trivial to send to a server, but it is computationally demanding on the receiving server to process
o The decompression ties up resources
o Can be used against an anti-virus, scan a zip file which decompresses and fills up memory so much it crashes
o Attack uses lots of spaces, repeat the same data over and over
o How do you make a zip bomb, without blowing yourself up?
- Hand craft it or you only have to do it once and can then send it multiple times (do hard work once VS server must do it multiple times).
• Did they report every piece of software they tested?
o They did web, chat, and email (IMAP), but not SMTP...?
o Probably because the results of SMTP wouldn't be interesting.
- SMTP have spam filters and AV, so they could be vulnerable.
- But email has been under attack for so long that email servers have been hardened over the years because of constant attacks.
• DOS hasn't been used on the web as much because it is usually easy to counter thanks to the service providers.
• Wasn't crazy scientific did not quantify the issue and the potential damage that could be done.
o Instead just affirmed there was an issue.
o Paper was published because the issue was not well recognised. Was published last August...
• Denial of Service
o Web servers
- Web servers are under attack all the time. There are many resources and tools on how to mitigate DOS attacks against a web server.
- How do you stop your web server from dying when web traffic gets a spike?
• Use a content distribution network to mirror your content. Good for static content. Works okay for dynamic content.
• If you are offering a service you have to build it to scale properly so it can run new instances to deal with the load.
o Chat server
- Chat server goes down. You can just use another one.
o IMAP (private email server)
- IMAP is attacked. You can't access email on that specific email client.
• Compression is just one way to do DOS, there are many more.
o Amplification attacks: Send packet to a public server that then sends multiple to a specific target.
o Create Multiple Connection: In a SYN flood attack we send SYN packets to a TCP server to tie up resources by creating excessive connections.
o etc...
• This paper is really about resource management.
o Right way to defend against this is to limit resources appropriately.

===Thermal Covert Channels===

• Not about attacking a system, but about exfiltrating data
o IP over thermometers
• Covert Channel: data stream that people do not know about
• Why do we worry about these?
o Data is either escaping or entering without our knowing.
o Covert channels that people care about are usually ones that go through something that shouldn't be possible or channels that have high bandwidth.
o How big is it? How much data can you pass through it?
- ~12 bits per second
• Why is this paper interesting?
o The cloud
o If processes share the same core, it is possible to get information from another process just from sharing that core
o Temperature patterns can leak hash data
o Get secret key from another machine through the temperature of a shared core
o To keep secrecy put each machine on its own core
• How usable is this threat?
o ~12 bits per second
o In the cloud, if it is CPU intensive than it is hard to use, however the machines don't usually do CPU intensive tasks all the time
o Is a real covert channel, but not very useful right now for an attack
o Very hard to get a secret key using this
o In the future with higher resolution thermal sensors, the attack may be much more practical
o Most people should not worry about this sort of attack. There are so many other ways that an attacker can compromise you.

'''IPhone case'''

• The FBI dropped the case, the excuse they gave was that they did not need their help and had another way to do it
• A lot of people were against Apple in the polls.
o A large amount of the population do not know the importance of encryption
o Do not understand that a backdoor can both be abused by the government and other attackers
• In Paris attacks there was no encryption used, they used burner phones instead

SystemsSec 2016W Lecture 19

2016-04-06T18:54:14Z

Gilbertls: Created page with "===Data Compression=== • Compression and encryption can mess with each other • People can reconstruct VoIP depending on how it was compressed ===Data Compression In N..."

===Data Compression===
• Compression and encryption can mess with each other
• People can reconstruct VoIP depending on how it was compressed

===Data Compression In Network Services===
• Our paper was talking about “zip bombs” and they are everywhere
o Compressed archive is trivial to send to a server, but it is computationally demanding on the receiving server to process
o The decompression ties up resources
o Can be used against an anti-virus, scan a zip file which decompresses and fills up memory so much it crashes
o Attack uses lots of spaces, repeat the same data over and over
o How do you make a zip bomb, without blowing yourself up?
- Hand craft it or you only have to do it once and can then send it multiple times (do hard work once VS server must do it multiple times).
• Did they report every piece of software they tested?
o They did web, chat, and email (IMAP), but not SMTP...?
o Probably because the results of SMTP wouldn't be interesting.
- SMTP have spam filters and AV, so they could be vulnerable.
- But email has been under attack for so long that email servers have been hardened over the years because of constant attacks.
• DOS hasn't been used on the web as much because it is usually easy to counter thanks to the service providers.
• Wasn't crazy scientific did not quantify the issue and the potential damage that could be done.
o Instead just affirmed there was an issue.
o Paper was published because the issue was not well recognised. Was published last August...
• Denial of Service
o Web servers
- Web servers are under attack all the time. There are many resources and tools on how to mitigate DOS attacks against a web server.
- How do you stop your web server from dying when web traffic gets a spike?
• Use a content distribution network to mirror your content. Good for static content. Works okay for dynamic content.
• If you are offering a service you have to build it to scale properly so it can run new instances to deal with the load.
o Chat server
- Chat server goes down. You can just use another one.
o IMAP (private email server)
- IMAP is attacked. You can't access email on that specific email client.
• Compression is just one way to do DOS, there are many more.
o Amplification attacks: Send packet to a public server that then sends multiple to a specific target.
o Create Multiple Connection: In a SYN flood attack we send SYN packets to a TCP server to tie up resources by creating excessive connections.
o etc...
• This paper is really about resource management.
o Right way to defend against this is to limit resources appropriately.

===Thermal Covert Channels===

• Not about attacking a system, but about exfiltrating data
o IP over thermometers
• Covert Channel: data stream that people do not know about
• Why do we worry about these?
o Data is either escaping or entering without our knowing.
o Covert channels that people care about are usually ones that go through something that shouldn't be possible or channels that have high bandwidth.
o How big is it? How much data can you pass through it?
- ~12 bits per second
• Why is this paper interesting?
o The cloud
o If processes share the same core, it is possible to get information from another process just from sharing that core
o Temperature patterns can leak hash data
o Get secret key from another machine through the temperature of a shared core
o To keep secrecy put each machine on its own core
• How usable is this threat?
o ~12 bits per second
o In the cloud, if it is CPU intensive than it is hard to use, however the machines don't usually do CPU intensive tasks all the time
o Is a real covert channel, but not very useful right now for an attack
o Very hard to get a secret key using this
o In the future with higher resolution thermal sensors, the attack may be much more practical
o Most people should not worry about this sort of attack. There are so many other ways that an attacker can compromise you.

'''IPhone case'''

• The FBI dropped the case, the excuse they gave was that they did not need their help and had another way to do it
• A lot of people were against Apple in the polls.
o A large amount of the population do not know the importance of encryption
o Do not understand that a backdoor can both be abused by the government and other attackers
• In Paris attacks there was no encryption used, they used burner phones instead