CSC 774 -- Network Security - Dr. Peng Ning

More documents

Recommendations

Info

Resource Clogging Attack Busy computing Many bogus requests With false source IPs • Stopping requests is difficult – We need to provide services. • Ignoring requests is dangerous – Denial of service attacks Computer Science Dr. Peng Ning CSC 774 Network Security 19 Resource Clogging Attack (Cont’d) • Counter measure – If we cannot stop bogus requests, at least we should know from where the requests are sent. – Cookies are used to thwart resource clogging attack • Thwart, not prevent Computer Science Dr. Peng Ning CSC 774 Network Security 20
Resource Clogging Attack (Cont’d) • Cookie – Each side sends a pseudo-random number, the cookie, in the initial message, which the other side acknowledges. – The acknowledgement must be repeated in the following messages. – Do not begin D-H calculation until getting acknowledgement for the other side. Computer Science Dr. Peng Ning CSC 774 Network Security 21 Requirements for cookie generation • The cookie must depend on the specific parties. – Prevent an attacker from reusing cookies. • Impossible to forge – Use secret values • Efficient • Cookies are also used for key naming – Each key is uniquely identified by the initiator’s cookie and the responder’s cookie. Computer Science Dr. Peng Ning CSC 774 Network Security 22
Page 1 and 2: Computer Science CSC 774 -- Network
Page 3 and 4: Security Principles (Cont’d) •
Page 5 and 6: Tunnel Mode Encrypted Tunnel Gatewa
Page 7 and 8: Automatic Key Management • Key di
Page 9: SKIP (Cont’d) • Limitations - N
Page 13 and 14: Oakley Groups • 0 no group (place
Page 15 and 16: ISAKMP Message • Fixed format hea
Page 17 and 18: ISAKMP Domain Of Interpretation (DO
Page 19 and 20: ISAKKMP Payload Types • 8 H hash
Page 21 and 22: ISAKMP Exchanges (Cont’d) Authent

CSC 774 -- Network Security - Dr. Peng Ning

Create successful ePaper yourself

Delete template?

Save as template?