Computer Networks 1 - Attacks overview
Attacks Overview
Nguyen Cao Dat
BK
TP.HCM
Outline
Cryptographic Attacks
▫ Frequency analysis
▫ Brute force attack
▫ Meet-in-the-middle attack
▫ Birthday attack
Network Attacks
▫ Replay attack
▫ Man-in-the-middle attack
▫ Denial-of-service attack
Frequency analysis
Frequency analysis is the study of the frequency of letters or groups of letters
in a ciphertext. The method is used as an aid to breaking classical ciphers.
Brute force attack
A brute force attack is a strategy used to break the
encryption of data. It involves traversing the search
space of possible keys until the correct key is found.
The amount of time required to break a 128-bit key is
also daunting. Each of the $2^{128}$ possibilities must be
checked. A device that could check a billion billion keys
($10^{18}$) per second would still require about $10^{13}$ years to
exhaust the key space.
This is a thousand times longer than the age of the
universe, which is about 13,000,000,000 ($1.3 \times 10^{10}$)
years.
Meet-in-the-middle attack (1/3)
The attack works by encrypting from one end
and decrypting from the other end, thus meeting
in the middle.
Assume the attacker knows a set of plaintext
and ciphertext: P and C. That is:
Meet-in-the-middle attack (2/3)
The attacker can then compute $E_K(P)$ for all
possible keys K and store the results in memory.
Afterwards he can decrypt the ciphertext by
computing $D_K(C)$ for each K.
Any matches between these two resulting sets
are likely to reveal the correct keys. (To speed
up the comparison, the $E_K(P)$ set is stored in an
in-memory lookup table, then each $D_K(C)$ can be
matched against the values in the lookup table
to find the candidate keys.)
Meet-in-the-middle attack (3/3)
Once the matches are discovered, they can be
verified with a second test-set of plaintext and
ciphertext. If the keysize is n, this attack uses
only $2^{n+1}$ encryptions (and $O(2^n)$ space) in
contrast to the naive attack, which needs $2^{2n}$
encryptions (but only $O(1)$ space).
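The table-lookup procedure from these three slides, as an added example that is not part of the original deck: a constructed toy 16-bit cipher with n = 10-bit keys (E, D, N and every constant are assumptions made for the demonstration) shows that double encryption falls to $2^{n+1}$ cipher operations instead of $2^{2n}$, which is why chaining two keys does not double the effective key length.

```python
# Added illustration: toy 16-bit block cipher with n-bit keys (constructed, not a real cipher).
N = 10                       # key size n in bits (assumption, small so the demo runs instantly)
MASK = 0xFFFF
MUL = 0x2545                 # odd, so multiplication mod 2^16 is invertible
MUL_INV = pow(MUL, -1, 1 << 16)

def _rotl(x, r): return ((x << r) | (x >> (16 - r))) & MASK
def _rotr(x, r): return ((x >> r) | (x << (16 - r))) & MASK

def _round_keys(k):
    return [(k * 0x9E37 + r * 0x1F3D) & MASK for r in range(4)]

def E(k, p):
    for rk in _round_keys(k):
        p = _rotl(((p ^ rk) * MUL) & MASK, 5)
    return p

def D(k, c):
    for rk in reversed(_round_keys(k)):
        c = ((_rotr(c, 5) * MUL_INV) & MASK) ^ rk
    return c

def double_encrypt(k1, k2, p):
    return E(k2, E(k1, p))

def meet_in_the_middle(pairs):
    """Return (confirmed key pairs, cipher operations used in the matching phase)."""
    (p1, c1), rest = pairs[0], pairs[1:]
    table = {}
    for k1 in range(1 << N):                  # 2^n encryptions, O(2^n) memory
        table.setdefault(E(k1, p1), []).append(k1)
    ops = 1 << N
    candidates = []
    for k2 in range(1 << N):                  # 2^n decryptions, each a table lookup
        ops += 1
        candidates += [(k1, k2) for k1 in table.get(D(k2, c1), [])]
    # Check every match against the second plaintext/ciphertext test set.
    confirmed = [(k1, k2) for k1, k2 in candidates
                 if all(double_encrypt(k1, k2, p) == c for p, c in rest)]
    return confirmed, ops

def demo():
    k1, k2 = 0x2A7, 0x13C                     # constructed secret keys
    pairs = [(p, double_encrypt(k1, k2, p)) for p in (0x1234, 0xBEEF)]
    return (k1, k2), meet_in_the_middle(pairs)
```

With N = 10 the matching phase costs 2048 operations against 1,048,576 for exhaustive search over both keys; the price is the $2^n$-entry table held in memory.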
Birthday attack (1/6)
A birthday attack exploits the mathematics behind the birthday problem in
probability theory.
What is the minimum value of k such that the probability
is greater than 0.5 that at least two people in a group of
k people have the same birthday?
P(n, k) = Pr[at least one duplicate in k items, with each
item able to take on one of n equally likely values
between 1 and n]
We are looking for the smallest value of k such that
$P(365, k) > 0.5$
Birthday attack (2/6)
the probability that there are no duplicates,
which we designate as Q(365, k)
the number of different ways is:
Birthday attack (3/6)
P(365, 23) = 0.5073. For k = 100, the probability
of at least one duplicate is 0.9999997.
Birthday attack (4/6)
For small x, we have
$(1 - x) \approx e^{-x}$.
Birthday attack (5/6)
Birthday attack (6/6)
What value of k is required such that $P(n, k) > 0.5$?
To satisfy the requirement, we have:
For large k, we can replace $k \times (k - 1)$ by $k^2$, and
we get
As a reality check, for n = 365, we get
which is very close to the
correct answer of 23.
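The birthday figures quoted on these slides can be checked numerically. The following is an added example, not part of the original deck: it computes P(n, k) exactly, finds the smallest k, and then applies the same bound to sizing random identifiers or digests. The function names and the closed form $\sqrt{2 n \ln 2}$ (obtained from the $e^{-x}$ approximation) are assumptions of this example.

```python
import math

def p_duplicate(n, k):
    """Exact P(n, k): probability of at least one duplicate among k items over n values."""
    if k > n:
        return 1.0
    q = 1.0                              # Q(n, k), probability of no duplicate
    for i in range(k):
        q *= (n - i) / n
    return 1.0 - q

def smallest_k(n, target=0.5):
    """Smallest k with P(n, k) greater than target, computed incrementally."""
    q, k = 1.0, 0
    while 1.0 - q <= target:
        q *= (n - k) / n
        k += 1
    return k

def approx_k(n):
    """Approximation for the 50% point, using (1 - x) ~ e^{-x} and k(k - 1) ~ k^2."""
    return math.sqrt(2 * n * math.log(2))

def min_bits(k, max_p):
    """Approximate number of output bits so that k random values collide
    with probability at most max_p (same e^{-x} approximation)."""
    n_needed = k * (k - 1) / (2 * -math.log1p(-max_p))
    return math.ceil(math.log2(n_needed))

def demo():
    return {
        "k_365": smallest_k(365),
        "p_365_23": round(p_duplicate(365, 23), 4),
        "k_32bit": smallest_k(2 ** 32),      # a 32-bit identifier space
        "bits_1e6_items": min_bits(10 ** 6, 1e-6),
    }
```

For a b-bit value the 50% point sits near $2^{b/2}$ items, which is why a 32-bit identifier space is expected to collide after roughly 77,000 values.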
Replay attack (1/2)
A replay attack is a simple method of exploiting a captured packet or
packets: the attacker resends that traffic to cause unexpected
results.
Suppose Alice wants to prove her identity to Bob. Bob
requests her password as proof of identity, which Alice
dutifully provides (possibly after some transformation like
a hash function); meanwhile, Mallory is eavesdropping on
the conversation and keeps the password. After the
interchange is over, Mallory connects to Bob posing as
Alice; when asked for a proof of identity, Mallory sends
Alice's password read from the last session, which Bob
accepts.
Replay attack (2/2)
One way to avoid replay attacks is to use session tokens,
which should be chosen by a (pseudo-)random
process.
Timestamping is another way of preventing a replay
attack. The advantage of this scheme is that it does not
need to generate (pseudo-)random numbers.
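Both defenses, as an added example that is not part of the original deck: Bob checks an HMAC over a one-time session token, or over a timestamp inside an acceptance window. The `Bob` class, the 30-second window and the sample key are assumptions of this example; the slides do not specify a construction.

```python
import hashlib
import hmac
import secrets

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

class Bob:
    """Verifier that shares `key` with Alice (hypothetical class for this example)."""
    def __init__(self, key, window=30):
        self.key, self.window = key, window
        self.pending = set()   # session tokens issued but not yet answered
        self.seen = set()      # timestamped proofs already accepted

    def new_session_token(self):
        token = secrets.token_bytes(16)          # chosen by a random process
        self.pending.add(token)
        return token

    def verify_token(self, token, proof):
        if token not in self.pending:            # unknown or already used token
            return False
        self.pending.discard(token)              # each token is good for one attempt
        return hmac.compare_digest(proof, mac(self.key, token))

    def verify_timestamp(self, ts, proof, now):
        if abs(now - ts) > self.window:          # too old, or clock too far ahead
            return False
        if not hmac.compare_digest(proof, mac(self.key, str(ts).encode())):
            return False
        if (ts, proof) in self.seen:             # same message replayed inside the window
            return False
        self.seen.add((ts, proof))
        return True

def demo():
    key = b"constructed-shared-secret"           # sample value for the example
    bob = Bob(key)
    token = bob.new_session_token()
    proof = mac(key, token)                      # Alice's answer; Mallory records it
    results = {"alice": bob.verify_token(token, proof)}
    results["replay_old_token"] = bob.verify_token(token, proof)
    results["replay_new_token"] = bob.verify_token(bob.new_session_token(), proof)
    ts = 1_700_000_000                           # constructed clock value (seconds)
    ts_proof = mac(key, str(ts).encode())
    results["fresh"] = bob.verify_timestamp(ts, ts_proof, now=ts + 5)
    results["replay_in_window"] = bob.verify_timestamp(ts, ts_proof, now=ts + 10)
    results["stale"] = bob.verify_timestamp(ts, ts_proof, now=ts + 300)
    return results
```

The timestamp scheme needs no random numbers but does need loosely synchronized clocks, and a captured message stays valid for the length of the window unless accepted proofs are remembered, as `seen` does here.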
Man-in-the-middle attack
The man-in-the-middle attack intercepts a communication between
two systems.
Once the TCP connection is intercepted, the attacker acts as a proxy,
being able to read, insert and modify the data in the intercepted
communication.
Various defenses against MITM attacks use authentication techniques
that are based on PKI (Public Key Infrastructure).
Denial-of-service attack
A DoS or DDoS attack is an attempt to make a computer
resource unavailable to its intended users.
Methods of attack
▫ ICMP flood
▫ Teardrop Attacks
▫ Peer-to-peer attacks