Network (In)security: Leniency in Protocols' Design, Code and Configuration
Pages 5 - 6
Abstract
Protocols are one of the founding pillars of network communication. Given their importance, protocols have received great attention not only from the research community but also from adversaries. Protocols, particularly their implementations, have been lucrative targets for adversarial attacks to induce network insecurity by compromising the guarantees that these implementations should provide. Most of these attacks can be traced back to the leniency in their design, code, or configuration. Finding leniency in implementations is challenging as these lenient instances are primarily tied to the semantics of the protocol and thus demand for techniques unlike existing approaches that we use for finding low-level memory corruption bugs.
In this talk, I will discuss our experience and lesson learned in detecting leniency in different layers of the TCP/IP network protocol stack. First, I will show how leniency in the design of loss-based TCP congestion control schemes can be exploited by an attacker to manipulate the victim into taking actions favorable for the attacker. I will introduce our model-guided fuzzing approach to find such manipulation attacks in different TCP implementations part of mainstream operating systems (e.g., Linux, Windows). Next, I will focus on leniency in code, where an implementation exhibits noncompliance with its design. Specifically, I will talk about how lenient implementations of X.509 certificate validation in SSL/TLS libraries can be exploited by an attacker to mount impersonation attacks. Finally, I will highlight that it is not always the protocol's design or code, sometimes it is humans: the users and/or the IT (Information Technology) administrators. Specifically, I will present our multifaceted measurement study where we examined the WPA2-Enterprise Wi-Fi configurations prescribed in tertiary education institutes (TEIs) around the world. I will share our findings about the widespread insecure practices that can leave users of these institutes open to credential theft[2].
References
[1]
Sze Yiu Chau, Omar Chowdhury, Endadul Hoque, Huangyi Ge, Aniket Kate, Cristina Nita-Rotaru, and Ninghui Li. 2017. Symcerts: Practical symbolic execution for exposing noncompliance in X. 509 certificate validation implementations. In Proceedings of the 2017 IEEE Symposium on Security and Privacy (S&P). IEEE, 503--520.
[2]
Man Hong Hue, Joyanta Debnath, Kin Man Leung, Li Li, Mohsen Minaei, M. Hammad Mazhar, Kailiang Xian, Endadul Hoque, Omar Chowdhury, and Sze Yiu Chau. 2021. All Your Credentials Are Belong to Us: On Insecure WPA2-Enterprise Configurations. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS '21). New York, NY, USA. https://doi.org/10.1145/3460120.3484569
[3]
Samuel Jero, Md Endadul Hoque, David R Choffnes, Alan Mislove, and Cristina Nita-Rotaru. 2018. Automated Attack Discovery in TCP Congestion Control Using a Model-guided Approach. In Proceedings of the 2018 Network and Distributed System Security Symposium (NDSS '18).
Index Terms
- Network (In)security: Leniency in Protocols' Design, Code and Configuration
Recommendations
On remote exploitation of TCP sender for low-rate flooding denial-of-service attack
This letter shows a potentially harmful scenario named Induced-shrew attack in which a malicious TCP receiver remotely controls the transmission rate and pattern of a TCP sender to exploit it as a flood source for launching low-rate Denial-of-Service (...
On the security of RFID anti-counting security protocol (ACSP)
Recently Qian et al. (2012) [26] have proposed a new attack for RFID systems, called counting attack, where the attacker just aims to estimate the number of tagged objects instead of steal the tags' private information. They have stated that most of ...
Design guidelines for security protocols to prevent replay & parallel session attacks
This work is concerned with the design of security protocols. These protocols are susceptible to intruder attacks and their security compromised if weaknesses in the protocols' design are evident. In this paper a new analysis is presented on the reasons ...
Comments
Information & Contributors
Information
Published In
June 2022
282 pages
ISBN:9781450393577
DOI:10.1145/3532105
- General Chair:
- Sven Dietrich,
- Program Chairs:
- Omar Chowdhury,
- Daniel Takabi
Copyright © 2022 Owner/Author.
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 08 June 2022
Check for updates
Author Tags
Qualifiers
- Keynote
Funding Sources
Conference
SACMAT '22
Sponsor:
SACMAT '22: The 27th ACM Symposium on Access Control Models and Technologies
June 8 - 10, 2022
NY, New York, USA
Acceptance Rates
Overall Acceptance Rate 177 of 597 submissions, 30%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 123Total Downloads
- Downloads (Last 12 months)64
- Downloads (Last 6 weeks)13
Reflects downloads up to 27 Feb 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in