Скачать или смотреть Off-Path Hacking The Illusion of Challenge-Response Authentication - Amir Herzberg

Off-Path Hacking: The Illusion of Challenge-Response Authentication
Lecture by Amir Herzberg of Bar-Ilan University
at Technion-Israel Institute of Technology TCE Summer School 2013
Everyone is concerned about Internet security, yet most traffic is not cryptographically protected. The usual justification is that most attackers are only {\em off-path} and cannot intercept traffic; hence, challenge-response mechanisms suffice to ensure authenticity. Usually, the challenges re-use existing `unpredictable' protocol header fields; this allows use of existing, widely-deployed protocols such as TCP and DNS.
We argue that this practice may only give an {\em illusion of security}. We present our recent off-path TCP injection and DNS poisoning attacks, allowing circumvention of existing challenge-response defenses. Both TCP and DNS attacks are non-trivial, yet very efficient and practical. The attacks allow circumvention of widely deployed security mechanisms, such as a Same Origin Policy, and allow a wide range of exploits, e.g., long-term caching of malicious objects and scripts.
We hope that this article will motivate adoption of cryptographic mechanisms such as SSL/TLS, IPsec and DNSSEC, as well as of correct, secure challenge-response mechanisms. Joint work with Yossi Gilad and Haya Shulman