cs642

surveillance & anonymity

adam everspaugh ace@cs.wisc.edu

computer security

todayInternet-wide scanning, zmap

Massive surveillance, packet inspection

Anonymous browsing, TOR

TCPhandshake

SYNseqC,0

SYN/ACKseqS,seqC+1

ACKseqC+1,seqS+1

SYN=synflagsetACK=ackflagsetx,y=xissequence#,yisacknowledge#

Client Server

TCPconnectionestablished

mass scanningWhat if we want to scan the "whole internet"?

Why? / Find all the unsecured webcams [shodani.io] / Find all the broken webservers

How would we do this? / nmap -p 443 0.0.0.0/32 / IPv4: 32-bits - 14% IANA reserved addresses

How long would this take? / Assume mean round-trip time = 100ms

think-pair-share

zmap

[zmap, Durumeric et al.]

ZMap paper: 1300x faster than nmap How?

fast scanning

Client

SYN

SYN

SYN

SYNSYN

SYN

SYN

SYNSYN/ACK

SYN/ACK

SYN/ACK

SYN/ACKRecord responsesRSTRSTRST

zmapa0

a2

a3a4a5

a6

a7

a8

a9 a1

1.1.1.11.1.1.2

1.1.1.3

Can't scan at high-speed in-order Why?

ZMap uses a permutation over the address space

Random ordering, but

don't have to track list of scanned addresses

dual ecInvestigating "rigged" random number generator (RNG) called "dual elliptic curve" (dual EC) RNG

… that could be used in setting up TLS connections

Q: How many web servers support this RNG in real life?

Scanned IPv4 with ZMap / 39M servers responding on port 443 / Took 48 hours from CSL@UW

Probed each web server with instrumented OpenSSL client (recorded TLS handshake) / 22M TLS (half-)handshakes; took 4 weeks

[On the Practical Exploitability of Dual-EC, Checkoway et al.]

AT&TWiretapcase

• MarkKleindisclosespotentialwiretappingactivitiesbyNSAatSanFranciscoAT&Toffice

• FiberopticsplitteronmajortrunklineforInternetcommunications– Electronicvoiceanddatacommunicationscopiedto“secretroom”

– NarusSTA6400device

Interceptiontechnology

• FromNaruswebsite [http://narus.com/index.php/product/narusinsight-intercept]– “Targetbyphonenumber,URI,emailaccount,username,keyword,protocol,applicationandmore”,“Service-andnetworkagnostic”,“IPV6ready”

– Collectsatwirespeedsbeyond10Gbps

Othermajorbackbone

Othermajorbackbone

AT&Tnetwork

Wiretapsurveillance

Interceptiongear

MAE-West(MetropolitanAreaExchange,West)

LargeamountsofInternettrafficcrossrelativelyfewkeypoints

Typesofpacketinspection

userdataApplheaderTCPheaderIPheaderIPdatagram

Deeppacketinspection(DPI)analyzesapplicationheadersanddata

InternetserviceprovidersneedonlylookatIPheaderstoperformrouting Shallowpacketinspection

investigateslowerlevelheaderssuchasTCP/UDP

Whichinspectionismostpowerful?Whatarethetechnologychallenges?

Internet

IntrusionDetectionSystems(IDS)

Outerfirewall

Innerfirewall

Webserver

IDSCustomerdatabases

WhatcananIDSdothataroutercannot?StoreinformationforforensicsMatchknownattackpatterns(malware,XSS,SQLinjection)

Preventingintercept

• End-to-endencryption(TLS,SSH)

• Whatdoesthisprotect?Whatdoesitleak?

• Whatcangowrong?

Othermajorbackbone

AT&Tnetwork

Interceptiongear

IP:1.2.3.4

IP:5.6.7.8

think-pair-share

End-runaroundHTTPS

• HTTPSterminatedatedgeofGooglenetworks

• Internaldatacenter-to-datacentercommunicationsonprivatelyleasedlines

Hidingconnectivityisharder

• IPaddressesarerequiredtoroutecommunication,yetnotencryptedbynormalend-to-endencryption– 1.2.3.4talkedto5.6.7.8overHTTPs

• Howcanwehideconnectivityinformation?

Tor(TheOnionRouter)

Othermajorbackbone

AT&Tnetwork

Interceptiongear

IP:1.2.3.4

IP:5.6.7.8

Othermajorbackbone

TorNodeTorNode TorNode

7.8.9.1 8.9.1.19.1.1.2

Client->7.8.9.1->8.9.1.1->9.1.1.2->DestinationCalledacircuit

HTTPpacketSrc:

9.1.1.2Dest:5.6.7.8

IP:1.2.3.4

IP:5.6.7.8

Encryptedto9.1.1.2Src:

8.9.1.1Dest:9.1.1.2

9.1.1.28.9.1.1

Encryptedto8.9.1.1Src:

8.9.1.1Dest:9.1.1.2

7.8.9.1

Encryptedto7.8.9.1Src:

7.8.9.1Dest:8.9.1.1

Onionrouting:thebasicidea

Torimplementsmorecomplexversionofthisbasicidea

Whatdoesadversarysee?

Othermajorbackbone

AT&Tnetwork

Interceptiongear

IP:1.2.3.4

IP:5.6.7.8

Othermajorbackbone

TorNodeTorNode TorNode

7.8.9.1 8.9.1.19.1.1.2

HTTPpacketSrc:

9.1.1.2Dest:5.6.7.8

Torobfuscateswhotalkedtowhom,needend-to-endencryption(e.g.,HTTPS)toprotectpayload

• Dec2016:EldoKim,Harvardsophomore,sentbombthreatsusingGuerillaMail(anonymousemailservice)

• UsedToRtoconnecttoGuerillaMail(fromhisdormroom)

• Caughtwithin2days

• Howdidhegetcaught?

• GuerillaMailindicateduserconnectedviaToRnode

• FBIcomparedtimestamponemailtoHarvardnetworklogs,

• HewastheonlyoneusingToRatthattime,confessedwhenconfronted

[Asof:April13,2016]

Otheranonymizationsystems

• Single-hopproxyservices

• JonDonym,anonymousremailers(MixMaster,MixMinion),manymore…

Anonymizer.com

recapInternet-wide scanning, zmap

Massive surveillance, packet inspection

Anonymous browsing, TOR