PA197 Secure Network Design
1. Faults, Threats, Attacks
Eva Hladká, Luděk Matýska
Faculty of Informatics
February 28, 2024

• Faults and failures
  • Internet
  • Ad-hoc, mobile and vehicular networks
  • Sensor networks
• Network specific threats
  • Internet
  • Sensor networks
  • Ad-hoc, mobile and vehicular networks
• Attack types and attacker models
  • Internet
  • Sensor networks
  • Ad-hoc, mobile and vehicular networks
• Summary

Faults and Failures
• All systems susceptible to failures
• Failure resilience mandatory part of the design
  • unfortunately not true for most commercial systems/networks today
  • resilience goes with a cost
  • not possible to build absolute resilience
• Faults: some flaws in the system
  • but sometimes left by design, e.g. just one router for a small network
• Failures: emergent faults
  • Random faults: occurrence unpredictable (probability)
  • Induced (domino): e.g. link disconnection leads to higher service failure
  • Malicious: results of attacks (usually use some (known) flaw)

• Physical
  • components faults and failures
  • hardware level, but includes immediate software components, e.g. active element operating system fault or failure
• Protocols
  • software layer
  • shortcomings (limits) of protocols
  • bugs: incidental and malicious failures
• Applications
  • software layer

Selected failure examples
• Topology failures
• Overload
• Integrity
• Software faults

Topology failures
• Cable failures
  • terrestrial
  • sub-marine
• Sub-marine cable threats
  • fishing and anchoring
  • natural disasters
    • earthquake 27th December 2006 damaged the cables near Taiwan, leading to disruption of Internet and telephone service in Asia Pacific region
    • Hong Kong completely cut off
  • theft
    • March 2007, 11 km section of cable connecting Thailand, Vietnam, and Hong Kong removed
    • Internet speed affected in Vietnam

Topology failures
• Routing problems
  • link disconnection and/or node failure
• Router failures
  • (D)DoS attacks
  • software bugs
    • example: too long BGP Autonomous Systems paths
• Recovery times:
  • hundreds of milliseconds for intra-domain routing (e.g. OSPF)
  • minutes for inter-domain routing (BGP)
• Pakistan "black hole" in 2008 after banning YouTube
  • propagated through the mis-configuration to the whole world
  • see e.g. https://www.cnet.com/news/how-pakistan-knocked-youtube-offline-and-how-to-make-sure

Overload failures
• Result of limited capacity of network equipment
  • congestion (flash/short/long term)
• TCP has congestion control
  • however independent of routing
  • simply slowing down instead of re-routing
  • one of motivations for Software Defined Networks (SDN)
• Flash Crowds versus (D)DoS attacks
  • how to distinguish unusually high but legitimate traffic from malicious traffic?

• Bugs in software
  • development phase
  • buffer overflow most prominent example
• Bugs in configuration
  • deployment phase
  • could have wide (global) effect
  • Pakistan/YouTube, Google search, ...

• In some aspects similar to Internet
  • the mobility introduces additional complexity/source of failures
• Hardware level
  • component faults
  • more fragile "active" elements
  • frequent failure a property
  • disconnection due to distance
    • not possible to distinguish from a failure
• Protocols
  • reliable routing problem
  • link failure a property, not an exceptional event

• Static nodes, but high probability of failure of any individual node
• Limited life span of a node
  • battery drainage
• Interference
• Routing and transmission protocols
  • redundancy versus energy conservation

Threats: Overview
Physical installation threats
• hardware threats
  • physical damage to the hardware and/or wires
• electrical threats
  • electricity fluctuations (brownouts and spikes)
  • electricity loss (blackouts)
• environmental threats
  • external conditions (temperature, electrostatic and magnetic interferences, humidity etc.)
  • disasters (flood, fire, ...)
• maintenance threats
  • missing, incorrect or damaged spare parts
  • incorrect or missing labeling of components and cables
  • poor handling of components
  • low quality of installation

Internet threats
• Phishing
  • search ("fish") for personal details
  • usually using e-mails or social networks
• Viruses and worms
  • malicious software that arrives attached to another (benign) program or data (e.g. e-mail)
  • replicates within the attacked computer
  • worm actively tries to attack new systems over the network
• Spyware and adware
  • spyware collects information about users on Internet
  • adware: a special kind of spyware to help targeting advertisements (without user consent)
• Trojans
  • malicious program like virus, but does not replicate itself
• Rogue security software
  • attacks trust relationship

Internet Security Threat Report
• Symantec reports
  • 2019: https://www.symantec.com/content/dam/symantec/docs/reports/istr-24-2019-en.pdf
  • 2017: https://www.websecurity.symantec.com/security-topics/istr-2017-infographic
• Main categories
  • mobile devices and Internet of things
  • web threats
  • formjacking and cryptojacking
  • targeted attacks
  • data breaches and privacy
  • ransomware
  • election interference
• Statistics from 2019 report (Symantec bought by Broadcom)

[Figure: Cryptojacking]

New malware variants (year)

YEAR   NEW VARIANTS   PERCENT CHANGE
2016   357,019,453    0.5
2017   669,947,865    87.7
2018   246,002,762    -63.3

Emotet continued to aggressively expand its market share in 2018, accounting for 16 percent of financial Trojans, up from 4 percent in 2017.

[Figure: Top new malware variants (month), January to December; series: XM.Mailcab@mm, W32.Ramnit!html, Trojan.Kotver!gm2, Heur.AdvML.C, WS.Reputation.1, W32.Almanahe.B!inf, PUA.WASMcoinminer, Heur.AdvML.E, W32.Sality.AE, JS.Webcoinminer. Source: Symantec, ISTR 24, February 2019, Facts and Figures, p. 32]

While the overall number of mobile malware infections fell during 2018, there was a rapid increase in the number of ransomware infections on mobile devices, up by a third when compared to 2017. The U.S. was the worst affected by mobile ransomware, accounting for 63 percent of infections. It was followed by China (13 percent) and Germany (10 percent).

Managing mobile device security continues to present a challenge for organizations. During 2018, one in 36 devices used in organizations were classed as high risk. This included devices that were rooted or jailbroken, along with devices that had a high degree of certainty that malware had been installed.

[Infographic: share of mobile devices with high-risk apps installed; increase in mobile ransomware infections from 2017]

In 2018, 1 in 10 URLs analyzed were identified as being malicious, up from 1 in 16 in 2017. Additionally, despite a drop off in exploit kit activity, overall web attacks on endpoints increased by 56 percent in 2018. By December, Symantec was blocking more than 1.3 million unique web attacks on end point machines every day.

Formjacking was one of the biggest cyber security trends of the year, with an average of 4,800 websites compromised with formjacking code every month in 2018. Formjacking is the use of malicious JavaScript code to steal payment card details and other information from payment forms on the checkout web pages of eCommerce sites, and in total Symantec blocked 3.7 million formjacking attempts on endpoint devices in 2018. More than a third of formjacking activity took place in the last quarter of 2018, with 1.36 million formjacking attempts blocked in that period alone.

[Figure: Formjacking activity. More than a third of the formjacking activity took place in the last quarter of 2018.]

Targeted attacks

While the overall number of targeted attacks was down somewhat last year, the most active groups stepped up their activity, attacking an average of 55 organizations over the past three years, up from 42 between 2015 and 2017. Spear-phishing emails remained the most popular avenue for attack and were used by 65 percent of all known groups. The most likely reason for an organization to experience a targeted attack was intelligence gathering, which is the motive for 96 percent of groups.

Alongside the rise in popularity of living off the land tactics, the use of zero-day vulnerabilities declined in 2018, with only 23 percent of groups known to have exploited zero days, down from 27 percent in 2017. While still a niche area, the use of destructive malware continued to grow. Eight percent of groups were known to use destructive tools, a 25 percent increase over 2017.

[Infographic: espionage indictments by U.S. authorities; spear phishing; intelligence gathering; average organizations targeted per group (20 most active groups): 42 in 2015-2017, 55 in 2016-2018; groups using zero-day vulnerabilities: 23%; groups using destructive malware: 8%]

Underground economy

ACCOUNTS
• Restaurant gift cards: 15-40% of value
• Online retailer gift cards: 15-50% of value
• Online banking accounts (depending on value & verification): 0.5%-10% of value
• Socks proxy account: $0.10-2
• Video and music streaming accounts: $0.10-10
• Cloud service account: $5-10
• Gaming platform account: $0.50-12
• Hacked email accounts (2,500): $1-15
• VPN services: $1-20
• Hotel loyalty (reward program accounts with 100,000 points)
• Various services (more than 120 different accounts): $0.50-25
• RDP login credentials: $3-30
• Retail shopping account: $0.50-99
• Online payment accounts (depending on value & verification)

IDENTITIES
• Stolen or fake identity (name, SSN, and DOB): $0.10-1.50
• Medical notes and prescriptions
• Mobile phone online account
• Stolen medical records: $0.10-35
• ID/passport scans or templates
• Scanned documents (utility bill, etc.): $0.50-45
• Full ID packages (name, address, phone, SSN, email, bank account, etc.)
• Fake health care ID cards
• Parcel drop off box for deliveries
• Fake ID, driver license, passport, etc.

MONEY TRANSFER SERVICES
• Cash redirector service for bank accounts: .1-15% of value
• Cash redirector service for online payment system: 1-5% of value
• Pay $100 in Bitcoin and get a money transfer of $1000: $100
• Cash redirector service: 5-20% of value

• Office macro downloader generator
• DDoS bot software
• Cryptocurrency stealer malware
• Cryptocurrency miner (e.g. Monero)
• Ransomware toolkit
• Common banking Trojans toolkit with support

• Airline ticket and hotel bookings: 10% of value
• Money laundering service (into cash or cryptocurrencies): 4-40%
• Cash out service (bank account, ATM card, and fake ID): $350
• Hacker for hire: $100+
• Custom phishing page service
• DDoS service, short duration <1 hour (medium protected targets)
• DDoS service, duration >24h (medium and strong protected targets)

PAYMENT CARDS
• Single credit card
• Single credit card with full details (fullz)
• Dump of magnetic strip track 1/2 data (e.g. from skimming)

SOCIAL MEDIA
• 100 likes on social media platforms
• 500 social media followers
• 100,000 social media video views

These prices are taken from publicly accessible underground forums and dark web TOR sites. Closed, private forums tend to have even lower prices. We cannot verify if the goods are genuinely sold for the asked price, some of them might be fake offers.

Sensor networks
• Major threats:
  • physical
  • software
• Physical threats:
  • interference
  • battery drainage
  • overtake of a node
• Security
  • routing mis-information
  • data loss
  • data injection

• Ad hoc network
  • a network built for a specific purpose
  • no central base stations or access points
  • each node sender/receiver
  • peer to peer and multi-hop architecture
• Mobile ad hoc network (MANET)
  • adds mobility to individual nodes
• Vehicular ad hoc network (VANET)
  • specific version of MANET
  • (semi)organized (i.e. not completely random) movement of nodes
  • Roadside Units (RSU)
    • immobile units
    • two side communication with cars
  • specific user interaction modes (drivers disturbance)

MANET Properties
• Each node can communicate
  • power constraints for nodes
• Communication is possible only between nodes "in range"
  • the set of neighbours changes in time
  • bandwidth usually limited
• Each node can retransmit a message
  • router capability
  • multi-hop delivery
• General performance a function of cooperation between nodes

Security problems
• Open media
  • easy to eavesdrop or interfere with
• Open routing protocol
  • no security mechanism
• Continuously changing topology
  • easy hiding for an attacker
• Relies on cooperation between devices
  • malicious node can "divert" others
• Hijacked nodes

VANET specific problems
• Privacy
  • drivers identity
  • unit identification (where are they moving)
• Clear benefit for a malicious user
  • divert traffic
  • clear its own path

Basic attack modes
• Passive attacks
  • not directly influencing the target systems
  • monitoring the (unencrypted) traffic
    • authentication information (passwords)
    • other sensitive information
  • result is access to information
• Active attacks
  • break into a target system
    • bypass a security perimeter or break through it
  • manipulate messages
    • replay, modify, create, delete
  • impersonation (identity theft), Man-in-the-middle attack
  • result is access to data, modification of data, DoS

[Figure: classification of attacks. Labels: other attacks (routing attacks); denial of service; monitor and eavesdropping; traffic analysis; camouflage adversaries; fabrication; spoofed, altered and replayed routing information; selective forwarding; sinkhole; Sybil; wormhole; HELLO flood; lack of cooperation; node subversion; node malfunction; modification; node outage; impersonation; eavesdropping; false node; physical attacks; node replication attacks; passive information gathering; message corruption]

Sybil Attack
• Attacker assumes several identities
  • defeat trust of a reputation system
• Used to hide the malicious node (e.g. car in VANET)

• Physical attacks
  • targets the physical infrastructure
  • immediately indistinguishable from hardware faults
• Internet service attacks
  • Domain Name Service (DNS)
  • e-mail
  • protocol vulnerabilities (e.g. TCP SYN attack)
• Man-in-the-middle attack
• DoS and DDoS attacks

Other types of attack
• Insider attack
  • majority of attacks initiated from within the security perimeter
• Close-in attack
  • social engineering
  • physical access/proximity to the network
• Phishing attack
• Hijack attack
  • takes over the network session
• Exploit attacks
  • uses known security hole
• Protocol attacks
  • spoof attack
  • buffer overflow
• Password attack
  • cracking passwords: brute force and dictionary attack
  • uses access to the file/database with passwords

TCP SYN Flood Attack
• Exploits "trust" in the TCP 3-way handshake protocol
  1. client initiates connection with SYN packet
  2. server acknowledges (SYN/ACK) and allocates resources
  3. client sends the final acknowledgment (ACK)
• What if client does not respond with ACK?
  • victim allocates resources (memory)
  • resources eventually freed through time out
  • but in the meantime victim not able to serve legitimate requests
• Simple Denial of Service attack
• Attacker does not use its own IP address
  • why?

Low Rate TCP DoS
• A paper of Kuzmanovic & Knightly: Low-Rate TCP-Targeted Denial of Service Attacks. SIGCOMM 2003.
• Exploits TCP congestion control mechanism
• Retransmission time-out
• Exponentially reduce available bandwidth
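
The handshake and time-out behaviour from the TCP SYN Flood Attack slide can be modelled as a small table of half-open connections, together with a monitor that flags refused requests combined with a high share of handshakes that never completed. This is an added example, not part of the original lecture; the class and function names, the table size of 4, the 3000 ms time-out, the 0.5 threshold and the event trace are assumptions constructed for illustration.

```python
from collections import OrderedDict


class ListenBacklog:
    """Toy model of the server-side table of half-open connections."""

    def __init__(self, capacity, syn_timeout_ms):
        self.capacity = capacity              # assumed table size
        self.syn_timeout_ms = syn_timeout_ms  # assumed time-out for a missing ACK
        self.half_open = OrderedDict()        # client -> arrival time of its SYN
        self.stats = {"established": 0, "expired": 0, "dropped": 0}

    def _expire(self, now):
        # Entries are kept in arrival order, so the oldest one is always first.
        while self.half_open:
            client, since = next(iter(self.half_open.items()))
            if now - since < self.syn_timeout_ms:
                break
            del self.half_open[client]
            self.stats["expired"] += 1

    def on_syn(self, now, client):
        """Steps 1 and 2: SYN arrives, server answers SYN/ACK and allocates an entry."""
        self._expire(now)
        if client in self.half_open:          # retransmitted SYN, entry already held
            return True
        if len(self.half_open) >= self.capacity:
            self.stats["dropped"] += 1        # no room: the request is not served
            return False
        self.half_open[client] = now
        return True

    def on_ack(self, now, client):
        """Step 3: final ACK arrives, the entry becomes an established connection."""
        self._expire(now)
        if self.half_open.pop(client, None) is None:
            return False
        self.stats["established"] += 1
        return True


def replay(events, capacity=4, syn_timeout_ms=3000):
    """Feed (time_ms, kind, client) events to the model; return outcomes and counters."""
    table = ListenBacklog(capacity, syn_timeout_ms)
    outcomes = []
    for now, kind, client in events:
        handler = table.on_syn if kind == "SYN" else table.on_ack
        outcomes.append((now, kind, client, handler(now, client)))
    return outcomes, table.stats


def looks_like_syn_flood(stats, max_unanswered=0.5):
    """Flag a trace where requests were refused while most handshakes never completed."""
    finished = stats["established"] + stats["expired"]
    if finished == 0:
        return False
    return stats["dropped"] > 0 and stats["expired"] / finished > max_unanswered


# Constructed event traces (documentation address ranges, times in milliseconds).
NORMAL = [
    (0, "SYN", "198.51.100.10:40001"), (50, "ACK", "198.51.100.10:40001"),
    (4100, "SYN", "198.51.100.11:40002"), (4150, "ACK", "198.51.100.11:40002"),
]
# Four SYNs that are never followed by an ACK, plus one legitimate attempt at 1500 ms.
UNANSWERED = [(1000 + 10 * i, "SYN", f"203.0.113.{i}:5000{i}") for i in range(1, 5)]
MIXED = sorted(NORMAL + UNANSWERED + [(1500, "SYN", "198.51.100.11:40002")])

if __name__ == "__main__":
    outcomes, stats = replay(MIXED)
    for row in outcomes:
        print(row)
    print(stats, "alarm:", looks_like_syn_flood(stats))
```

In the mixed trace the legitimate SYN at 1500 ms is refused because all four entries are held by handshakes that never finish, and the same client is served again at 4100 ms once those entries have timed out.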

Low Rate TCP DoS II
• Principles
  • mis-uses the congestion avoidance mechanism of TCP
  • if severe congestion risk is recognized, TCP reduces congestion window to one packet and waits for a period of Retransmission Time Out (RTO) after which the packet is resent
  • further loss doubles RTO period
  • short outages (on adversary flow) at around RTT force TCP to timeout; all flows simultaneously enter the same state
  • when TCP attempts to exit timeout and enter slow-start
    • adversary creates another outage to force the flows synchronously back to timeout state
• Difficult to detect
  • recognizable: high-rate bursts on short time-scales
• And mitigate
  • randomized minRTO

• Single source DoS attack (rather) easily defended
  • does not mean we know who is the attacker
  • but we can stop her (usually)
• Distributed DoS
  • many sources of attack
  • each harmless on its own
  • their quantity is the problem
• Uses a (huge) set of attacking machines
  • under control of attacker: bots, zombies, ...
  • innocent (secondary victims)
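
The remark on the Low Rate TCP DoS II slide that the attack is recognizable by high-rate bursts on short time-scales can be turned into a check over per-bin byte counts: short bursts near line rate that repeat at a regular spacing while the average load stays low. This is an added example, not from the lecture or the cited paper; the function names, all thresholds, the link capacity and the four traces are assumptions constructed for illustration.

```python
from statistics import mean


def find_bursts(util, level):
    """Return (start_bin, length) for every run of bins with utilisation >= level."""
    runs, start = [], None
    for i, u in enumerate(util):
        if u >= level and start is None:
            start = i
        elif u < level and start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, len(util) - start))
    return runs


def detect_periodic_bursts(byte_counts, capacity_per_bin, bin_ms=10,
                           burst_level=0.9, max_burst_ms=300,
                           max_avg_util=0.5, min_bursts=4, jitter=0.1):
    """Look for short, near-line-rate bursts that repeat at a regular period
    while the average load stays low. All thresholds are assumed values."""
    util = [b / capacity_per_bin for b in byte_counts]
    avg = mean(util)
    # Keep only bursts that are short; a long run is sustained overload instead.
    short = [(s, n) for s, n in find_bursts(util, burst_level)
             if n * bin_ms <= max_burst_ms]
    report = {"avg_util": avg, "short_bursts": len(short),
              "period_ms": None, "suspicious": False}
    if len(short) < min_bursts or avg > max_avg_util:
        return report
    gaps = [(b[0] - a[0]) * bin_ms for a, b in zip(short, short[1:])]
    period = mean(gaps)
    if max(gaps) - min(gaps) <= jitter * period:   # regular spacing between bursts
        report["period_ms"] = round(period)
        report["suspicious"] = True
    return report


def make_series(n_bins, background, burst_starts=(), burst_bins=0, peak=0):
    """Build a constructed per-bin byte-count series for the demonstration."""
    series = [background] * n_bins
    for s in burst_starts:
        for i in range(s, min(s + burst_bins, n_bins)):
            series[i] = peak
    return series


CAPACITY = 12_500   # bytes per 10 ms bin on an assumed 10 Mbit/s link

# Constructed 5-second traces: 500 bins of 10 ms each.
PULSED = make_series(500, 1000, burst_starts=(20, 120, 220, 320, 420),
                     burst_bins=12, peak=CAPACITY)
STEADY = make_series(500, 2380)              # same average load, no bursts
SATURATED = make_series(500, CAPACITY)       # sustained overload, not "low rate"
IRREGULAR = make_series(500, 1000, burst_starts=(20, 90, 300, 330),
                        burst_bins=12, peak=CAPACITY)

if __name__ == "__main__":
    for name, trace in [("pulsed", PULSED), ("steady", STEADY),
                        ("saturated", SATURATED), ("irregular", IRREGULAR)]:
        print(name, detect_periodic_bursts(trace, CAPACITY))
```

The pulsed and steady traces carry the same average load of about 19 percent of capacity, which is why a volume threshold alone does not separate them; only the burst structure does.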

Multiple Source DDoS Attack
• Attacker controls an army of slave machines
  • result of previous successful attacks
  • legitimate owners without knowledge
  • available "on demand"
• Synchronized overload of the victim
  • sending legitimate requests from many sources
  • victim unable to differentiate the requests
  • crash of many media servers on September 11th 2001 not by attack but too extensive interest
• Usually hierarchical to hide the attacker
  • attacker directly controls only first layer of machines, these used to control the second layer, not sending the data directly to the victim

DDoS Reflector Attack
• A smaller set of machines directly controlled by attackers
• Exploits "reflector" vulnerabilities of some network protocols
  • TCP SYN Flood
  • ICMP
• Attacker sends requests with forged victim's address
  • requests go to "secondary victims": innocent machines not under attacker's control
• All responses from these secondary victims go to the primary victim → overload
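
Seen from the primary victim, the reflector attack on the slide above shows up as replies (SYN/ACK, ICMP echo reply) that match no request the victim ever sent, arriving from many different secondary victims. The following added example, which is not part of the original lecture, matches inbound replies against outstanding requests; the record layout, function names, thresholds and the sample records (documentation addresses) are assumptions.

```python
from collections import defaultdict

# Which outbound request would justify each inbound reply type.
REQUEST_FOR = {"SYN-ACK": "SYN", "ECHO-REPLY": "ECHO-REQUEST"}


def unsolicited_replies(records, window=5.0):
    """Return inbound replies for which no matching request left the local
    network within `window` seconds.

    Assumed record layout: (time_s, direction, src, sport, dst, dport, kind),
    with port 0 used for ICMP.
    """
    pending = {}          # (local, lport, peer, pport, request kind) -> time sent
    unsolicited = []
    for t, direction, src, sport, dst, dport, kind in sorted(records):
        if direction == "out" and kind in REQUEST_FOR.values():
            pending[(src, sport, dst, dport, kind)] = t
        elif direction == "in" and kind in REQUEST_FOR:
            # A reply is solicited only if the mirrored request is outstanding.
            sent = pending.pop((dst, dport, src, sport, REQUEST_FOR[kind]), None)
            if sent is None or t - sent > window:
                unsolicited.append((t, src, dst, kind))
    return unsolicited


def reflection_targets(records, min_replies=5, min_sources=3):
    """Local hosts receiving many unsolicited replies from several distinct peers."""
    per_target = defaultdict(list)
    for _, src, dst, _ in unsolicited_replies(records):
        per_target[dst].append(src)
    return {
        dst: {"replies": len(srcs), "reflectors": len(set(srcs))}
        for dst, srcs in per_target.items()
        if len(srcs) >= min_replies and len(set(srcs)) >= min_sources
    }


# Constructed records: two ordinary request/reply pairs of host 192.0.2.10 ...
LEGIT = [
    (0.00, "out", "192.0.2.10", 50000, "198.51.100.5", 443, "SYN"),
    (0.03, "in", "198.51.100.5", 443, "192.0.2.10", 50000, "SYN-ACK"),
    (1.00, "out", "192.0.2.10", 0, "198.51.100.7", 0, "ECHO-REQUEST"),
    (1.02, "in", "198.51.100.7", 0, "192.0.2.10", 0, "ECHO-REPLY"),
]
# ... and replies the host never asked for, coming from nine different machines.
REFLECTED = (
    [(2.0 + 0.01 * i, "in", f"203.0.113.{i}", 80, "192.0.2.10", 40000 + i, "SYN-ACK")
     for i in range(1, 7)]
    + [(2.1 + 0.01 * i, "in", f"203.0.113.{20 + i}", 0, "192.0.2.10", 0, "ECHO-REPLY")
       for i in range(3)]
)

if __name__ == "__main__":
    print(reflection_targets(LEGIT))
    print(reflection_targets(LEGIT + REFLECTED))
```

The addresses listed as reflectors are secondary victims, not the attacker, so the result is input for filtering and for notifying those operators rather than for attribution.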

[Figure: Security Attacks on WSN. Labels: node outage; physical attacks; message corruption; false node; node replication attacks; passive information gathering; attack against privacy; other attacks (routing attacks); denial of service; node subversion; node malfunction; monitor and eavesdropping; traffic analysis; camouflage adversaries; spoofed, altered and replayed routing information; selective forwarding; sinkhole; Sybil; wormhole; HELLO flood]

Sleep Deprivation
• Also called resource consumption attack
• Overload the victim node by requests
  • route discovery
  • packets forwarding
• Exhausts internal resources
  • battery drainage and puts the node off-line

• Passive and active attack as in other network categories
• External attacks
  • nodes that do not belong to the network
• Internal attacks
  • hijacked nodes
• Basic attack scenarios:
  • black hole, wormhole, Byzantine, sleep deprivation

• Black hole attack
  • node reports route availability to targets
    • announces the shortest route
  • attracts traffic to the target node through itself
  • inspects all the packets
    • modifies, drops, delays them
• Wormhole attack
  • two cooperating malicious nodes
  • a packet collected by one is sent directly to the other ("wormhole")
  • disrupts routing when also routing control messages are tunneled
    • could prevent a discovery of any other routes

Location disclosure
• Collects information about the topology and/or structure of the network
  • route maps
• Useful for future attacks
  • important in more regular ad hoc networks like the vehicular one
• identities of communicating parties
• Dangerous in security sensitive scenarios
  • military MANETs

Specific VANET attacks
• Sybil attacks
• Bogus information
• Denial of Service
• Impersonation (masquerading)
• Alteration attack
• Replay attack
• Illusion attack

• Adversary deceives sensors in his own car to produce wrong sensor readings
  • car broadcasts false traffic warning messages
• Creates an illusion for other cars about the traffic event
• Drivers behaviour is modified
  • ultimate goal of the adversary
• Difficult to mitigate with traditional methods like trust schemes, message authentication, message integrity checks

Summary
• Provided basic classification for
  • failures and faults
  • threats
  • attacks
• for different kinds of network
  • Internet
  • sensor networks
  • ad hoc, mobile and vehicular networks
• Similarities and differences between specific networks discussed
  • random failures versus targeted use of faults
  • capacity limits
• Threats come from nature as well as from attackers
  • one issue is to properly distinguish these
  • to properly mitigate their impact
• Next lecture: Security architecture

• Figs. 1 & 2 on slides 29 and 38 are taken from
  • Padmavathi et al: A Survey of Attacks, Security Mechanisms and Challenges in WSN. IJCIS, vol. 4(1,2), 2009 http://arxiv.org/pdf/0909.0576.pdf