Posts Tagged ‘Routers’

Web Spoofing: Threat Models, Attacks and Current Defenses

The initial design of Web protocols and the Internet assumed a benign environment, where servers, clients and routers cooperate and follow the standard protocols, except for unintentional errors. However, as the amount and sensitivity of usage increased, concerns about security, fraud and attacks became important. In particular, since Internet access is currently widely (and often freely) available, it is very easy for attackers to obtain many client and even host connections and addresses, and use them to launch different attacks on the network itself (routers and network services such as DNS) and on other hosts and clients. Moreover, with the proliferation of commercial domain name registrars allowing automated, low-cost registration in most top-level domains, it is currently very easy for attackers to acquire essentially any unallocated domain name and place malicious hosts and clients there. We call this the unallocated domain adversary: an adversary who is able to issue and receive messages using many addresses in any domain name, excluding the finite list of already allocated domain names. This is probably the most basic and common type of adversary.

Unfortunately, we believe, as explained below, that most web users are currently vulnerable even against unallocated domain adversaries. This claim may be surprising, as sensitive web sites are usually protected using the SSL or TLS protocols, which, as we explain in the following subsection, securely authenticate web pages even in the presence of intercepting adversaries (often referred to as Man In The Middle (MITM) attackers). Intercepting adversaries are able to send and intercept (receive, eavesdrop) messages to and from all domains. Indeed, even without SSL/TLS, the HTTP protocol securely authenticates web pages against spoofing adversaries, which are able to send messages from all domains, but receive only messages sent to unallocated (adversary-controlled) domains. However, the security provided by SSL/TLS (against an intercepting adversary, or by HTTP against a spoofing adversary) is only with respect to the address (URL) and security mechanism (HTTPS, using SSL/TLS, or ‘plain’ HTTP) requested by the application (usually the browser). In a phishing attack (and most other spoofing attacks), the application specifies, in its request, the URL of the spoofed site. Namely, web spoofing attacks focus on the gap between the intentions and expectations of the user, and the address and security mechanism specified by the browser to the transport layer.

 


Mobile DTN Routers: Data Mules

The concept of a mobile router has been discussed among researchers of ad-hoc and mobile Internet networks for some time. When operating in the context of Internet-style protocols, mobile routers generally present challenges with respect to node addressing and routing performance when the topology or link performance changes. These challenges have their analogues in DTN, but with a somewhat different set of constraints. Once again, while we can learn from the approaches considered for ad-hoc routing and Mobile IP, the applicability of these approaches is limited because, generally speaking, the network model for these efforts is the traditional (static) network where the nodes are fully connected.

In the context of DTN, a mobile router is a device capable of store-and-forward operations, and thus represents more of a data carrying entity instead of a conventional router that may happen to be moving among. These data carrying “routers” have been called Data Mules. This term has emerged to describe situations where some entity (the mule) provides storage for messages that is physically moved from point to point to provide transit connectivity. This method of message transport is not purely academic fantasy: the DakNet project connects hard-to-reach villages via limited range RF transmissions from a portable computer on a commuter bus that performs store-and-forward data transfers (via SMTP). In another example, the Wizzy Digital Courier project in South Africa transfers e-mail messages and Web searches on a USB key that is carried by a bicycle or motorcycle rider between schools. Finally, the postal system has been proposed as a viable message carrying entity, and entire computers are sometimes shipped in order to move very large quantities of data. The benefit of data mules is essentially the possibility of extremely high capacity and throughput in exchange for large delivery delays.

While the DTN architecture embraces the concept of data mules, it appears to suggest abstracting them as edges in the DTN network multigraph. This may seem most appropriate, as the mule intuitively appears to be a communication link with a particularly high delay (and possibly high capacity). However, a mule generally has finite storage which is unequal to its bandwidth-delay product. We therefore consider the following question: Should the Data Mule be modeled as a node or a link?

A network link (graph edge) is generally characterized by its delay and throughput and the vertices it interconnects. These edges are directional, so that different performance characteristics can be captured for asymmetric bidirectional links. Links are typically considered to be passive in that they execute neither a path selection nor a scheduling decision process. Nodes, conversely, tend to be thought of as active entities (with finite storage) that make forwarding decisions about the messages transiting through them.

Using the active/passive characterization of nodes and edges, it then seems natural to represent a mule as a node instead of an edge, given its activity with respect to message routing. If we apply the same reasoning to passive entities (e.g. USB drives or DVDs), then we naturally conclude they should be characterized as edges. However, as we shall now explore, this method of partitioning may reveal a false dichotomy.

To make effective forwarding decisions, nodes should maintain state about their communication contacts and act on this state as necessary. This is straightforwardly implemented for an active device (bus with computer aboard), but less clear for a passive device. Taking a USB drive as an example, it is fairly simple to arrange for the drive to store state representing, at a minimum, the set of nodes that it has (and/or will likely) encounter. With this in mind, there is little fundamental distinction between a USB drive (passive, storage only) and a router-equipped bus (active, storage and processing): both can be considered mules. One could easily imagine a software architecture wherein inserting a USB drive into a host machine causes that host to automatically make a set of forwarding decisions based on state stored on the drive itself. In this way, the USB drive (in conjunction with its host) resembles a message router that employs checkpointing to persistent storage. In other words, the USB drive is a node that remains dormant until “activated” by a host.
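The following sketch is an added example, not code from the original article or from any DTN implementation. It shows the host-side pass the paragraph above imagines: a drive carries a contact set, a finite bundle store and its bundles, and the host that "activates" it makes the forwarding decisions and checkpoints the result back. The JSON layout, the node names and the `on_insert` function are all hypothetical, and the drive contents are handled as untrusted data rather than instructions.

```python
import json

# Constructed sample of the state a drive might carry (hypothetical format).
DRIVE_STATE = json.dumps({
    "capacity": 3,                     # finite storage, counted in bundles
    "contacts": ["school-a", "hub"],   # nodes the drive has met or will likely meet
    "bundles": [{"id": "b1", "dst": "hub"}, {"id": "b2", "dst": "school-a"}],
})

def on_insert(host_id, host_queue, drive_json):
    """Forwarding pass run by the host when the drive is inserted.

    Returns (delivered, remaining_host_queue, new_drive_json).
    """
    state = json.loads(drive_json)
    # The drive is data only: keep just the fields of the expected shape.
    capacity = int(state["capacity"])
    contacts = [c for c in state["contacts"] if isinstance(c, str)]
    bundles = [b for b in state["bundles"]
               if isinstance(b, dict) and isinstance(b.get("id"), str)
               and isinstance(b.get("dst"), str)]

    # 1. Bundles addressed to this host leave the drive.
    delivered = [b for b in bundles if b["dst"] == host_id]
    carried = [b for b in bundles if b["dst"] != host_id]

    # 2. A host bundle is loaded only if the drive's contact state says it
    #    will meet the destination, and only while storage remains.
    remaining = []
    for b in host_queue:
        if b["dst"] in contacts and len(carried) < capacity:
            carried.append(b)
        else:
            remaining.append(b)

    # 3. Record this encounter and checkpoint the state back to the drive.
    if host_id not in contacts:
        contacts.append(host_id)
    new_state = {"capacity": capacity, "contacts": contacts, "bundles": carried}
    return delivered, remaining, json.dumps(new_state)

if __name__ == "__main__":
    queue = [{"id": "h1", "dst": "hub"}, {"id": "h2", "dst": "village-z"}]
    got, left, drive = on_insert("school-a", queue, DRIVE_STATE)
    print("delivered:", got, "still queued:", left)
    print("drive now:", drive)
```

Between insertions the drive is dormant; every decision is made by whichever host it is plugged into, using only the checkpointed state.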

Thus, while the DTN architecture embraces the concept of mobile nodes and data mules, it does not fully specify how they should be included in the network model. Through the careful consideration of mobility and mules, we have refined the DTN architectural description in order to provide a basis for the design of our implementation.
