ceClub: Off-Path Hacking: The Illusion of Challenge-Response Authentication

Speaker:
Amir Herzberg (Bar-Ilan University)
Date:
Wednesday, 19.6.2013, 11:30
Place:
Taub 3

Everyone is concerned about Internet security, yet most traffic is not cryptographically protected. The usual justification is that most attackers are only off-path and cannot intercept traffic; hence, challenge-response mechanisms suffice to ensure authenticity. Usually, the challenges re-use existing `unpredictable' protocol header fields; this allows use of existing, widely-deployed protocols such as TCP and DNS.

We argue that this practice may only give an illusion of security. We present our recent off-path TCP injection and DNS poisoning attacks, allowing circumvention of existing challenge-response defenses.

Both TCP and DNS attacks are non-trivial, yet very efficient and practical. The attacks allow circumvention of widely deployed security mechanisms, such as a Same Origin Policy, and allow a wide range of exploits, e.g., long-term caching of malicious objects and scripts.

We hope that this article will motivate adoption of cryptographic mechanisms such as SSL/TLS, IPsec and DNSSEC, as well as of correct, secure challenge-response mechanisms.

The talk would be mostly self-contained.

(Joint work with Yossi Gilad and Haya Shulman)

Bio:
Prof. Amir Herzberg is a tenured associate professor in the department of computer science, Bar-Ilan university. He received B.Sc. (1982, Computer Engineering), M.Sc. (1987, Electrical Engineering) and D.Sc. (1991, Computer Science), all from the Technion, Israel. His current research interests include:
- Network security, esp. Internet protocols: TCP/IP, DNS, routing, Denial-of-Service, spam
- Applied cryptography: provable yet applied. Esp., crypto-protocols for security, and resilient crypto (to exposures, cryptanalysis, side-channels)
- Privacy, anonymity and covert communication, including defenses and attacks (e.g., on Tor).
- Cyber-security, mainly: Malware communication and detection, security of devices and autonmous agents (robots).
- Usable security and social-engineering attacks, incl. phishing, and defenses - even for naive users (`Johnny`).
- Financial cryptography, i.e., using cryptography to innovate financial systems, protocols and networks, esp. payments.
- Trust management - building and using it, mainly to secure e-commerce, P2P networks, and more.
- Network protocols and distributed algorithms, esp. peer to peer and social networking, vehicular networking.
Security of and using new network paradigms: clouds and SDN.

He filled research and management positions in IBM Research, Israeli Defense Forces and several companies, and is consulting when time allows.

Back to the index of events