Faults and failures Network specific threats Attack types and attacker models Summary PA197 Secure Network Design 2. Faults, Threats, Attacks Eva Hladká, Luděk Matýska Faculty of Informatics February 27, 2018 Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures Network specific threats Attack types and attacker models Summary Q Faults and failures • Internet • Ad-hoc, mobile and vehicular networks • Sensor networks Q Network specific threats • Internet • Sensor networks • Ad-hoc, mobile and vehicular networks Q Attack types and attacker models • Internet • Sensor networks • Ad-hoc, mobile and vehicular networks Q Summary Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures Network specific threats Attack types and attacker models Summary Faults and Failures Internet Ad-hoc, mobile and vehicular networks Sensor networks • All systems susceptible to failures 9 Failure resilience mandatory part of the design • unfortunately not true for most commercial systems/networks today • resilience goes with a cost • not possible to build absolute resilience • Faults: some flaws in the system o but sometimes left by design, e.g. just one router for a small network 9 Failures: emergent faults • Random faults: occurrence unpredictable (probability) • Induced (domino): e.g. link disconnection leads to higher service failure • Malicious: results of attacks (usually use some (known) flaw) Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks • Physical • components faults and failures • hardware level, but includes immediate software components e.g. active element operating system fault or failure • Protocols • software layer • shortcomings (limits) of protocols • bugs: incidental and malicious failures • Applications • software layer Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures Network specific threats Attack types and attacker models Summary elected failure examples Internet Ad-hoc, mobile and vehicular networks Sensor networks • Topology failures • Overload • Integrity o Software faults Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures Network specific threats Attack types and attacker models Summary apology failures Internet Ad-hoc, mobile and vehicular networks Sensor networks Cable failures • terrestrial • sub-marine Sub-marine cable threats • fishing and anchoring o natural disasters • earthquake 27th December 2006 damaged the cables near Taiwan, leading to disruption of Internet and telephone service in Asia Pacific region • Hong Kong completely cut off • theft • March 2007, 11 km section of cable connecting Thailand, Vietnam, and Hong Kong removed • Internet speed affected in Vietnam Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures Network specific threats Attack types and attacker models Summary Topology failures II Internet Ad-hoc, mobile and vehicular networks Sensor networks • Routing problems • link disconnection and/or node failure « Router failures • (D)DoS attacks • software bugs • example: too long BGP Autonomous Systems paths • Recovery times: • hundreds of milliseconds for intra-domain routing (e.g. OSPF) • minutes for inter-domain routing (BGP) 9 Pakistan "black hole" in 2008 after banning YouTube • propagated through the mis-configuration to the whole world Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks • Result of limited capacity of network equipment • congestion (flash/short/long term) • TCP has congestion control • however independent of routing © simply slowing down instead of re-routing • one of motivations for Software Defined Networks (SDN) • Flash Crowds versus (D)DoS attacks • how to distinguish unusually high but legitimate traffic from malicious traffic? Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures o Bugs in software • development phase • buffer overflow most prominent example • Bugs in configuration • deployment phase • could have wide (global) effect • Pakistan/YouTube, Google search, ... Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures Network specific threats Attack types and attacker models Summary Internet Ad-hoc, mobile and vehicular networks Sensor networks • In some aspects similar to Internet • the mobility introduces additional complexity/source of failures • Hardware level • component faults • more fragile "active" elements • frequent failure a property • disconnection due to distance • not possible to distinguish from a failure • Protocols • reliable routing problem • link failure a property, not an exceptional event Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures • Static nodes, but high probability of failure of any individual node 9 Limited life span of a node battery drainage • Interference • Routing and transmission protocols • redundancy versus energy conservation Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures Network specific threats Attack types and attacker models Summary Internet Sensor networks Ad-hoc, mobile and vehicular networks Th reats—Overview Physical installation threats • hardware threats • physical damage to the hardware and/or wires • electrical threats • electricity fluctuations (brownouts and spikes) • electricity loss (blackouts) • environments threats • external conditions (temperature, electrostatic and magnetic interferences, humidity etc) • disasters (flood, fire, ...) • maintenance threats • missing, incorrect or damaged spare parts • incorrect or missing labeling of components and cables • poor handling of components o low quality of instalation Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures , ^ m 4- i -c 4-u 4- Internet Network specific threats c a I . /T , I I Sensor networks Attack types and attacker models A , , ,., , . . , , Jr f Ad-hoc, mobile and vehicular networks Summary • Phishing • search ("fish") for personal details • usually using e-mails or social networks o Viruses and worms • malicious software that arrives attached to another (benign) program or data (e.g. e-mail) • replicates within the attacked computer • worm actively tries to attack new systems over the network • Spyware and adware spyware collects information about users on Internet adware a special kind of spyware to help targeting advertisements (without user consent) • Trojans • malicious program like virus, but does not replicate itself • Rogue security software • attacks trust relationship Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures , ^ m 4- i -c 4-u 4- Internet Network specific threats c a I . /T , I I Sensor networks Attack types and attacker models A , , ,., , . . , , Jr f Ad-hoc, mobile and vehicular networks bummary 9 Symantec reports • 2017: https://www.websecurity.symantec.com/ security-topics/istr-2017-infographic • 2015: https://know.elq.Symantec.com/LP=1542 • Main categories • mobile devices and Internet of things • web threats • social media and Scams targeted attacks • data breaches and privacy o e-crime and malware • Statistics from 2017 report Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures Network specific threats Attack types and attacker models Summary Internet Sensor networks Ad-hoc, mobile and vehicular networks Breaches Total breaches — Breaches with more than 10 million identities exposed — Total identities exposed — Average identities exposed per breach 2014 2015 2016 11 13_ 15 ^^^^^ ^^^^^ ^^^^^^ ^^^^ ^^^^^^ In the last 8 years more than 7.1 billion identities have been exposed in data breaches Email threats, malware, and bots Spam rate % Phishing rate Email malware rate New malware variants Number of bots - 2014 2015 2016 B 1 in 965 1 in 1,846 1 in 2,596 lin 244 lin 220 lin 131 Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures Network specific threats Attack types and attacker models Summary Internet Sensor networks Ad-hoc, mobile and vehicular networks Mobile Web Percentage of scanned websites with vulnerabilities Percentage of which were critical 2015 2016 New Android mobile malware families 2014 2015 2016 New Android mobile malware variants ^^^^^ Average number of web attacks blocked per day 2015 2016 Ransomware Number of detections Ransomware families Average ransom amount ■ B $ $373 $ $294 $ $1,077 Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures Network specific threats Attack types and attacker models Summary Internet Sensor networks Ad-hoc, mobile and vehicular networks Cloud JUL-DEC 2015 JAN-JUN 2016 JUL-DEC 2016 Average number of cloud apps used per organization - Percentage of data broadly shared - Internet of Things 2 minutes: time it takes for an loT device to be attacked Speed of attack Number of attacks against Symantec honeypot per hour EC|2016 Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures Network specific threats Attack types and attacker models Summary Internet Sensor networks Ad-hoc, mobile and vehicular networks 03 Targeted attacks: Espionage, subversion, & sabotage Page 15 ISTR April 2017 Notable targeted attack groups Sandworm ,,2024 iSlNBZof01" (| j| """Sr'0 „200! Housefly Aliases/Ooerfag-h, BE2APT Aliases/Equation gpl Tools, tactics, & procedures (TTP) Motives Spear phishing, vulnerabilities, zero- Espionage, sabotage days, custom back door programs, destructive payloads jS>. Target categories & regions iWWl Recent activities Governments, international itftH Linked to destructive organizations, energy, Europe, US attacks against Ukrainian media and energy targets Tools, tactics, & procedures (TTP) X*. Motives BSB Watering holes, infected CD-ROMs, fff Espionage infected USB keys, vulnerabilities, zero-stealing programs, worm program; Target categories & regions tUttt Recent activities Targets of interest to nation-state ttttfl Breached in 2016, with Fritillary „2010 ^-^'^ | ) „2011 Strider Aliases/Cozy Bear, Office Monkeys, Euro APT, Cozyduke, APT29 Aliases/Remsec ^pl Tools, tactics, & procedures (TTP) •*•** Motives Spear phishing, custom back door ff ¥ EsP'°nage, subversion programs Al Target categories & regions iWfl Recent activities \$S) Governments, think tanks, media, IEEIEI Associated with Europe, US Democratic National Committee (DNC) attacks ^Bg Tools, tactics, & procedures (TTP) Motives ■S Advanced surveillance tool fff Espionage Al Target categories & regions |MHl Recent activities ffi^J Embassies, airlines, Russia, China, IEEEII Uncovered by Symantec Sweden, Belgium in 2016 Swallowtail „2007 ■.•*»••*£<"■* | | '""SZ"" „20» Suckfly Aliases/Fancy Bear, APT28, Tsar Team.Sednit Aliases/None ^pl Tools, tactics, & procedures (TTP) **W Motives Spear phishing, watering holes, infected fff Espionage, subversion storage devices, vulnerabilities, zero-stealing programs Target categories & regions iWWl Recent activities \S3) Governments, Europe, US liiUl Associated with WADA and DNC hacks Tools, tactics, & procedures (TTP) Motives ■SB Custom back door programs signed using fff Espionage iSSk Target categories & regions [BBj Recent activities 1$gJ E-commerce, governments, technology, fJUH Targeted attacks healthcare, financial, shipping using multiple stolen code-signing certificate; Cadelle „2012 'l"",Sr°' | |) =">le region of or, BUCkeye Aliases/None Aliases/APT3, UPS, GothicPanda, TG-0110 ^pl Tools, tactics, & procedures (TTP) **W Motives WSM Custom back door programs fff Espionage Target categories & regions [ffff| Recent activities citizens, governments, NGOs targets in Iran and orgs in the Middle East Tools, tactics, & procedures (TTP) a"!"* Motives WSM Spear phishing, zero-days, custom back fff Espionage door programs Target categories & regions gBBj Recent activities (ggj Military, defense industry, media, |g| Shifted focus from Western education, US, UK, Hong Kong targets to Hong Kong Appleworm ,,2022 PossiNorthZ«onsm: (| | „2006 Tick Aliases/Lazarus Aliases/None ^pl Tools, tactics, & procedures (TTP) Motives ■SB Spear phishing, DDoS attacks, disk fff Espionage, sabotage, wiping, zero-days, custom back door subversion and information-stealing programs, destructive payloads jO^. Target categories & regions iWfl Recent activities Financial, military, governments, tiiiii Subject to disruption entertainment, electronics operations in early 2016. Links with Bangladesh Bank attackers Tools, tactics, & procedures (TTP) Motives BSB Spear phishing, watering holes, custom fff Espionage backdoor programs .as. Target categories & regions gBBj Recent activities (@J Technology, broadcasting, aquatic |gg| Long-standing campaign; Back to Table of Contents Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures Network specific threats Attack types and attacker models Summary Internet Sensor networks Ad-hoc, mobile and vehicular networks 06 Cyber crime and the underground economy Page 52 ISTR April 2017 The underground marketplace 1 V Ransomware toolkit É DDoS short duration (< 1 hr) ■ Documents (Passports, utility bills) W. *10- » $5-$20 1 $1-S3 Android banking Trojan 8475 0594 5688 4856 Credit cards * Cloud service account M $200 M $0.5-$30 1 W% $6-$10 1 1 GIFT Gift card Cash-out service . ^ Where V. 2U -4U 1 (of face value) H V; iuu-2Uu 1 K (of acct. value) H k has a price ^ Symantec Back to Table of Contents Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures Network specific threats Attack types and attacker models Summary Internet Sensor networks Ad-hoc, mobile and vehicular networks 07 Ransomware: Extorting businesses and consumers Page 60 ISTR April 2017 Major ransomware threats Locky Cerber CryptXXX Approx. Ransom: $965 Discovery: $1,200 $500 February 2016 April 2016 Spread through: O Email campaigns O Neutrino exploit kit O Nuclear exploit kit O RIG exploit kit O Email campaigns O RIG exploit kit O Magnitude exploit kit O Angler exploit kit O Neutrino exploit kit O One of the most widely spread ransomware threats in 2016 O Spread via massive email campaigns powered by Necurs botnet O Significant drop in Locky prevalence in early 2017 due to reduction in Necurs activity since late December 2016 O Very widespread in late 2016 as a result of extensive email and RIG exploit kit campaigns Email campaigns primarily use JavaScript and Office macro downloaders but may also be attached as a zip file O Disappearance of Angler in early June 2016 prompted a drop in activity O Reemerged in early 2017 delivered via Neutrino exploit kit O Early variants used weak encryption which could be broken. Newer versions employ stronger encryption, making decryption impossible ^Symantec Back to Table of Contents Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures Network specific threats Attack types and attacker models Summary Internet Sensor networks Ad-hoc, mobile and vehicular networks • Major threats: 9 physical • software • Physical threats: • interference battery drainage • overtake of a node • Security • routing mis-information • data loss • data injection Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures Network specific threats Attack types and attacker models Summary Internet Sensor networks Ad-hoc, mobile and vehicular networks Ad-hoc, mobile and vehicular networks • Ad hoc network o a network build for a specific purpose • no central base stations or access points • each node sender/receiver • peer to peer and multi=hop architecture • Mobile ad hoc network (MANET) • adds mobility to individual nodes • Vehicular ad hoc network (VANET) o specific version of MANET • (semi)organized (i.e. not completely random) movement of nodes • Roadside Units (RSU) • immobile units • two side communication with cars o specific user interaction modes (drivers disturbance) Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures Network specific threats Attack types and attacker models Summary MANET Properties Internet Sensor networks Ad-hoc, mobile and vehicular networks • Each node can communicate • power constraints for nodes • Communication is possible only between nodes "in range" • the set of neighbours changes in time • bandwidth usually limited • Each node can retransmit a message 9 router capability • multi-hop delivery • General performance a function of cooperation between nodes Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures Network specific threats Attack types and attacker models Summary security problems Internet Sensor networks Ad-hoc, mobile and vehicular networks • Open media • easy to eavesdrop or interfere with • Open routing protocol • no security mechanism 9 Continuously changing topology • easy hiding for an attacker • Relies on cooperation between devices • malicious node can "divert" others • Hijacked nodes Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures Network specific threats Attack types and attacker models Summary VAN ET specific problems Internet Sensor networks Ad-hoc, mobile and vehicular networks Privacy • drivers identity • unit identification (where are they moving) • Clear benefit for a malicious user • divert traffic • clear its own path Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures Network specific threats Attack types and attacker models Summary Basic attack modes Internet Sensor networks Ad-hoc, mobile and vehicular networks Passive attacks • not directly influencing the target systems • monitoring the (unencrypted) traffic • authentication information (passwords) • other sensitive information • result is access to information Active attacks • break into a target system • bypass a security perimeter or break through it • manipulate messages • reply, modify, create, delete • impersonation (identity theft), Man-in-the-middle attack o result is access to data, modification of data, DoS Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures Network specific threats Attack types and attacker models Summary Internet Sensor networks Ad-hoc, mobile and vehicular networks Security Attacks Active Attacks Other attacks (Routing attacks Denial of Service Passive Attacks Attack against Privacy Monitors Eavesdropping Traffic Analysis Camouflages Adversaries Fabrication Spoofed, altered& replayed routing information Selective Forwarding Sinkhole Sybil Wormhole HELLO Flood Lack of cooperation Node Node Subver Malfun sion ction Modifi cation Node outage Impersonation Eavesdropping False Node Physical Attacks Node Replication Attacks Passive Information Gathering Message Corruption Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures Network specific threats Attack types and attacker models Summary >ybil Attack Internet Sensor networks Ad-hoc, mobile and vehicular networks • Attacker assumes several identities • defeat trust of a reputation system • Used to hide the malicious node (e.g. car in VANET) Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures , ^ Internet Network specific threats c , a I . /T , I I Sensor networks Attack types and attacker models Jr f Ad-hoc, mobile and vehicular networks Summary • Physical attacks • targets the physical infrastructure • immediately indistinguishable form hardware faults • Internet service attacks • Domain Name Service (DNS) 9 e-mail • protocol vulnerabilities (e.g. TCP SYN attack) • Man-in-the-middle attack • DoS and DDoS attacks Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures , ^ Internet Network specific threats c , a I . /T , I I Sensor networks Attack types and attacker models Jr f Ad-hoc, mobile and vehicular networks Summary • Insider attack 9 majority of attacks initiated from within the security perimeter <> Close-in attack • social engineering • physical access/proximity to the network • Phishing attack • Hijack attack • takes over the network session o Exploit attacks • uses known security hole • Protocol attacks • spoof attack • buffer overflow • Password attack • cracking passwords: brute force and dictionary attack • uses access to the file/database with passwords Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures Network specific threats Attack types and attacker models Summary Internet Sensor networks Ad-hoc, mobile and vehicular networks TCP SYN Flood Attack • Exploits "trust" in the the TCP 3-way handshake protocol O client initiates connection with SYN packet O server acknowledges (SYN/ACK) and allocates resources O client sends the final acknowledgment (ACK) • What if client does not respond with ACK? • victim allocates resources (memory) • resources eventually freed through time out • but in the meantime victim not able to serve legitimate requests Simple Denial of Service attack • Attacker does not use its own IP address • why? Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures , ^ Internet Network specific threats c , a I . /T , I I Sensor networks Attack types and attacker models Jr f Ad-hoc, mobile and vehicular networks Summary • A paper of Kuzmanovic&Knightly: Low-Rate TCP-Targeted Denial of Service Attacks. SIG COMM 2003. 9 Exploits TCP congestion control mechanism • Retransmission time-out • Exponentially reduce available bandwidth Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures , ^ Internet Network specific threats c , a I . /T , I I Sensor networks Attack types and attacker models Jr f Ad-hoc, mobile and vehicular networks Summary • Pinciples o mis-uses the congestion avoidance mechanism of TCP • if severe congestion risk is recognized, TCP reduces congestion window to one packet and waits for a period of Retransmission Time Out (RTO) after which the packets is resent • further loss doubles RTO period • short outages (on adversary flow) at around RTT force TCP to timeout; all flows simultaneously enter the same state • when TCP attempts to exit timeout and enter slow-start • adversary creates another outage to force the flows synchronously back to timeout state • Difficult to detect • recognizable: high-rate bursts on short time-scales o And mitigate • randomized minRTO Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures Network specific threats Attack types and attacker models Summary Internet Sensor networks Ad-hoc, mobile and vehicular networks Distributed DoS o Single source DoS attack (rather) easily defended • does not mean we know who is the attacker • but we can stop her (usually) 9 Distributed DoS • many sources of attack o each harmless by its own • their quantity is the problem • Uses a (huge) set of attacking machines • under control of attacker: bots, zombies, . .. • innocent (secondary victims) Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures , ^ Internet Network specific threats c , a I . /T , I I Sensor networks Attack types and attacker models Jr f Ad-hoc, mobile and vehicular networks Summary 9 Attacker controls an army of slave machines • result of previous successful attacks • legitimate owners without knowledge • available "on demand" • Synchronized overload of the victim • sending legitimate requests from many sources • victim unable to differentiate the requests o crash of many media servers on September 11th 2001 not by attack but too extensive interest o Usually hierarchical to hide the attacker • attacker directly controls only first layer of machines, these used to control the second layer, not sending the data directly to the victim Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures , ^ Internet Network specific threats c , a I . /T , I I Sensor networks Attack types and attacker models Jr f Ad-hoc, mobile and vehicular networks Summary 9 A smaller set of machines directly controlled by attackers • Exploits "reflector" vulnerabilities of some network protocols • TCP SYN Flood • ICMP 9 Attacker send requests with forged victim's address • requests go to "secondary victims"—innocent machines not under attacker's control o All responses from these secondary victims go to the primary victim—^overload Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures Network specific threats Attack types and attacker models Summary Internet Sensor networks Ad-hoc, mobile and vehicular networks 3 ecurity Attacks onWSN Node outage Physical Attacks Message Corruption False Node Node Replication Attacks Passive Information Gathering Attack aeainst Privacy Other attacks (Routing attacks Denial of Service Node Subversion Node Malfunction Monitors Eavesdropping Traffic Analysis Camouflages Adversaries Spoofed, altered& replayed routing information Selective Forwarding Sinkhole Sybil Wormhole HELLO Flood Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures Network specific threats Attack types and attacker models Summary leep Deprivation Internet Sensor networks Ad-hoc, mobile and vehicular networks Also called resource consumption attack Overload the victim node by requests • route discovery • packets forwarding Exhausts internal resources battery drainage and puts the node off-line Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures Network specific threats Attack types and attacker models Summary Internet Sensor networks Ad-hoc, mobile and vehicular networks Ad-hoc, mobile and vehicular networks 9 Passive and active attack as in other network categories • External attacks • nodes that do not belong to the network • Internal attacks • hijacked nodes o Basic attack scenarios: • black hole, wormhole, Byzantine, sleep deprivation Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks • Black hole attack • node reports route availability to targets o announces the shortest route • attracts traffic to the target node through itself • inspects all the packets • modifies, drops, delays them • Wormhole attack • two cooperating malicious nodes • a packet collected by one are sent directly to the other ("wormhole") • disrupts routing when also routing control messages are tunneled o could prevent a discovery of any other routes Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures Network specific threats Attack types and attacker models Summary Internet Sensor networks Ad-hoc, mobile and vehicular networks Location disclosure • Collects information about the topology and/or structure of the network • route maps o Useful for future attacks • important in more regular ad hoc networks like the vehicular one • identities of communicating parties 9 Dangerous in security sensitive scenarios • military MANETs Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures Network specific threats Attack types and attacker models Summary pecific VANET attacks Internet Sensor networks Ad-hoc, mobile and vehicular networks o Sybil attacks • Bogus information o Denial of Service o Impersonation (masquerading) o Alteration attack • Reply attack • Illusion attack Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks 9 Adversary deceives sensors in his own car to produce wrong sensor readings • car broadcasts false traffic warning messages 9 Creates an illusion for other cars about the traffic event • Drivers behaviour is modified • ultimate goal of the adversary • Difficult to mitigate with traditional methods like trust schemes, message authentication, message integrity checks Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures Network specific threats Attack types and attacker models Summary • Provided basic classification for • failures and faults • threats • attacks for different kinds of network Internet • sensor networks • ad hoc, mobile and vehicular networks • Similarities and differences between specific networks discussed • random failures versus targeted use of faults • capacity limits • Threats come from nature as well as from attackers • one issue is to properly distinguish these • to properly mitigate their impact 9 Next lecture: Security architecture Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks Faults and failures Network specific threats Attack types and attacker models Summary Figs.l&2 on slides 29 and 38 are taken from • Pamavathi et al: A Survey of Attacks, Security Mechanisms and Challenges in WSN. IJCIS, vol.4(l,2), 2009 http://arxiv.org/pdf/0909.0576.pdf Eva Hladká, Luděk Matýska PA197 Secure Network Design 2. Faults, Threats, Attacks