Security of IP networks

Question 1

Which are, in general, the components that take care of network access? Which are their goals (in short)?

Answer 1

NASs (Network Access Server) and Authentication Servers

NAS goal: it has to authenticate the user, perform access control and, if access is given, provide access to the IP network.

AS goal: it perform 3 functions that are authentication, authorization and accounting

Question 2

Which are the protocols that work in between end points and NAS? (general name and example)

Answer 2

Network Access Protocols (PAP, CHAP, EAP)

Question 3

Which are the protocols that work in between NAS and AS? (general name and example)

Answer 3

Network Authentication Protocols (Radius, Diameter, Tacacs)

Question 4

Modern network access schema

Answer 4

there is the last mile (that goes till the end point via WIFI, Ethernet, 3-4-5G, …) that communicates with the border element (base station (antenna), border gateway, access point) that in the end is connected with the core network where the authentication server is and that communicates with it via an authentication protocol.

Question 5

PPP

Answer 5

Point-to-Point Protocol

It is able to encapsulate network packets (L3 -> IP) and transport them over a point-to-point link. This link can be both physical and virtual (virtual both on L2 and L3).

The PPP activation is made of 3 steps:
1. Link Control Protocl - LCP: it establishes, configures and tests the L2 connection. It can also negotiate the authentication protocol and the algorithm
2. authentication (optional) via a network access protocol (PAP, CHAP, EAP -> these protocols are not only used for PPP).
3. encapsulation of the L3 packet via a Network Control Protocol - NCP

The protocol configuration of point 2 is made using the Configuration Option that specifies:
- type (8 bit): option type
- length (8 bit): length of the option type
- authN protocol: protocol identifier
- [algorithm]: optional, algo identifier

example:
PAP: 3, 4, 0xC023
CHAP: 3, 5, 0xC223, 5

Question 6

On which principles are the network authentication protocols based?

Answer 6

Triple A features:
* Authentication
* Authorization
* Accounting

Question 7

PAP

Answer 7

Password Authentication Protocol
* the authentication process is made just once when the channel is created: it is made sending user-id and psw in clear -> really dangerous for both these reasons
* that means that it is subject to sniffing attack
* messages have an identifier to match Request and Response because messages could be lost
* for the same reason (packets can be lost) multiple requests have to be permitted
* the ID blocks replay attacks
* 2-way handshake

2-way handshake:
* Authenticate-Request: code + ID + length + peer-ID + peer-ID length + psw + psw length
* Authenticate-Response: code + ID + length + msg + msg length -> code = 2 is NAK, code = 3 is ACK

Question 8

CHAP

Answer 8

Challenge Response Authentication Protocol

• the challenge is a nonce
• Symmetric CRA: password based, MD5
• the authN process is compulsory at the channel creation and the NAS can decide to repeate it during the transmission with a different challenge
• packets can be lost so the Authenticator must resend the challenge if there is no response
• there is the msgID field to match request and response-> no replay attacks
• the authenticator that offers both PAP and CHAP MUST offer CHAP first
• 3-way handshake protocol

3-way handshake protocol:
1. challenge: code + ID + length + challenge-size + challenge-value
2. response: code + ID + length + response-size + response-value -> response-value = md5(ID || psw || challenge-value)
3. result: code + ID + length

Microsoft implemented its own CHAP version: MS-CHAP

Question 9

EAP

Answer 9

Extensible Authentication Protocol

It is a flexible L2 authentication framework.

EAP architecture:
* method Layer: TLS, SIM, …
* EAP layer
* media Layer: PPP, 802.x, …

• it uses an external authentication method that can be predefined (MD5-challenge, OTP, token card, …) or not (EAP-TLS, EAP-MD5, … )
• it has its own encapsulation protocol because at this level L3 packets are not yet available
• EAP does not assume that the link is physically secure (L2 link has no reliability) -> EAP methods must provide security on their own

EAP encapsulation protocol:
* independent of IP
* it supports any link layer (PPP, 802…)
* it uses NAK and ACK but there is not a transmission window
* it assumes that the packets arrived are in the right order. If they are not it doesn’t work
* there is retransmission but just for a limited number of times (3-5)
* no fragmentation: external EAP methods take care of matching the EAP MTU

Question 10

MS-CHAP

Question 11

Which are the AS duties and where do they come from?

Answer 11

NAS manufacturers claim that security is based on three functions:
1. authentication: an entity requires to be authenticated and this is permitted or not checking its credentials
2. authorization: determining if the authenticated entity can perform a given activity or gain access to resources/services
3. accounting: tracking network resource usege for audit support, billing purposes and capacity analysis

Authentication Servers have to perform these function by working together with multiple NASs

Question 12

Which are the network authentication protocols?

Answer 12

• RADIUS
• Diameter
• Tacacs

Question 13

Diameter

Answer 13

It is a RADIUS evolution that focuses on roaming between different ISPs and security by using IPsec and TLS.

Question 14

Tacacs

Answer 14

It is theoretically better that RADIUS but it belong to CISCO so it has not gained a lot of acceptance

Question 15

RADIUS

Answer 15

Remote Authentication Dial-IN User Service

• It is obv based on the triple AAA and for that reason supports authentication ,authorization and accounting.
• It supports access both via physical and virtual ports.
• There is a client-server schema between AS and NAS so there are secondary servers and the possibility for retransmission. Also the RADIUS server might act ass a proxy server towards other authentication servers AS
• Accounting and administration are centralized.
• port 1812/UDP for authentication and port 1813/UDP for accounting
• the user authentication is made via PAP, CHAP, EAP, token card
• RADIUS requests and responses are characterized by code + ID + length + authenticator + attributes in the TLV format
• the attributes are the ones for the authentication

Authenticator:
* useful to match request and response + to mask the password
* in Access-Request it is named the Request Authenticator and it is made of 16 Bytes randomly generated by the NAS
* in Access-reject/accept/challenge: it is named Response Authenticator and it is computed via a keyed digest: md5(code || id || length || request authenticator || attributes || secret)

RADIUS packet types:
* access-request: contain user’s access credentials
* access-challenge: to request additional nfo from the user
* access-reject
* access-accept: if authentication success the user needs network parameters

Possible attacks and security functionalities needed
* sniffing attacks beacuse the NAS request contains the psw
* psw enumeration (from fake NAS)
* AS subject to a DoS attack due to fake NAS requests
* fake AS response or change of its response

Needed properites:
* authN and confidentiality for NAS request
* authN + integrity for AS response
* ID to connect request and response
* server scalability (anti DoS)

How they are obtained:
- packet integrity and authN via a keyed-MD5 where the key is a shared secret -> clients without a key are ignored
psw XOR MD5(psw || authenticator) where the psw is NUL padded to a multiple of 128 bit

Question 16

NAI

Answer 16

Network Access Identifier
* NAI = username[@realm]
* all devices must support NAI up to 72 bytes
* only ASCII characters < 128

Question 17

Example: CHAP + RADIUS

Answer 17

image

Question 18

IEEE 802.1x

Answer 18

• L2 architecture to manage network access control. It provides an authentication system, key management system and optional services such as authentication + encryption
• key management: IEEE 802.1x may derive key session to use in authentication, integrity and confidentiality. It uses standard algorithms for key derivation such as TLS
• used for devices that want to access a LAN or a WAN
• it is compulsory for a WLAN and optional for a LAN

It is made of three principal components:
1. Supplicant: the device that seeks to connect to the network. It directly communicated with the authentication server
2. Authenticator/etherNAS: typically a switch or an access point that acts as an intermediary (pass-through device), receiving credentials from the supplicant and forwarding them to an authentication server.
3. Authentication Server: verifies the supplicant’s credentials. Often, this role is served by a RADIUS server. There is a direct dialogue between the supplicant and th authentication server

For example, given RADIUS and EAP:
- supplicant - authenticator: EAPOL (the authenticator is a switch) or EAPOW (the authenticator is an access point) is used
- authenticator - auhtentication server: EAPOR

Question 19

IEEE 802.1x: example of messages using EAPOL and EAPOR

Answer 19

1. EAPOL start form the supplicant
2. EAP-Request/Identity from the switch (auhtenticator)
3. EAP-Response/Identity
4. Radius-Access-Request
5. Radius-Access-Challenge
6. EAP-Request
7. EAP-Response (credentials)
8. Radius-Access-Request
9. Radius-Access-Accept
10. EAP-Success

Question 20

Eduroam

Answer 20

It is an hierarchycal system that allows users to connect to the internet through the Wi-Fi network of any participating institution using the same login credentials (username and password) they would use at their home institution.

Eduroam uses IEEE 802.1X for network authentication combined with a RADIUS backend infrastructure to manage the exchange of user credentials between the home and visited institutions.

Question 21

Which is the best OSI level to implement security?

Answer 21

• the upper we go in the stack, the more specific are the security functions (e.g. it’s possible to identify the user, commands, data) and independent from the underlying network … but we leave more room for DoS attacks
• the lower we go in the stack, the more quickly we can “expel” the intruders … but the fewer the data for the decision (e.g. only the MAC or IP addresses, no user identification, no commands)

Question 22

DHCP in short

Answer 22

The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on IP networks whereby a DHCP server dynamically assigns an IP address and other network configuration parameters (such as netmask, default gateway, local nameserver, local DNS suffix…) to each device on a network.
It is non-authenticated an broadcast.

Question 23

DHCP problems and related attacks

Answer 23

• non-authenticated (!!)
• broadcast (!)
• activation of a fake DHCP server is trivial because the DHCP request is L2 broadcast

Possible attacks from the fake DHCP server:
* denial-of-service by providing a wrong network configuration
* MITM that provides configuration with 2-bit subnet + gw equal attacker or that, if NAT is active, can intercept the replies too
* malicious name-address translation (e.g. for phishing, pharming)

Question 24

DHCP protection (possible solutions)

Answer 24

Solution 1: some switches (e.g. Cisco) offer the following solutions:
* DHCPsnooping = only transmit replies from “trusted ports”
* IP guard = switching only IPs got from a DHCP server (but there is a limit to the number of recognized addresses)

Solution 2: RFC-3118 “Authentication for DHCP messages”
* use of HMAC-MD5 to authenticate the messages
* problem = key distribution and management (shared key!) -> rarely adopted

Question 25

Which possibilities do we have to have security at a L3 level? Which are their principal features?

Answer 25

• end-to-end protection fro L3 homogeneus networks
• VPN

End-to-end protection
* data are secure as soon as they exit the end device (server/client)
* secure even if they pass through an unsecure net
* the only possible attacks are those inside the client or the server + DoS
* this is IPsec in transport mode

VPN
* it is an HW or SW technique to have a private secure net even using shared and untrusted channels and devices
* it can be implemented with 3 techniques: via private addressing, via protected routing (IP tunnel), via cryptographic protection of the packets (secure IP tunnel (IPsec in tunnel mode))

Question 26

VPN via private addresses

Answer 26

The networks to be part of the VPN use non-public addresses so that they are unreachable from other networks (e.g. private IANA networks as per RFC-1918)

This protection can be easily defeated if somebody:
* guesses or discovers the addresses
* can sniff the packets during transmission
* has access to the communication devices

No protection for either of client, server, packets

Question 27

VPN via tunnel

Answer 27

= VPN via protected routing

The routers encapsulate whole L3 packets as a payload inside another packet
* IP in IP
* IP over MPLS
* other (e.g. IP over TLS)
The routers perform access control to the VPN by ACL (Access Control List).

This protection can be defeated by anybody that manages a router or can sniff the packets during transmission. Packets can be read, manipulated and injected during transmission

Protection just for the server
No protection for client, packets

Question 28

VPN via secure IP tunnel

Answer 28

= VPN via cryptographic protection of network packets, also known as S-VPN (Secure VPN)

1. Before encapsulation, the packets are protected with: MAC (integrity + authentication), encryption (confidentiality), numbering (to avoid replay). These cryptographic functions are taken care of by the TAP
2. The router takes care of the encapsulation and decapsulation processes

TAP and Router are associated BUT the TAP should be managed by the client and the router by the ISP, otherwise it is fake security.

If the cryptographic algorithms are strong, then the only possible attack is to stop the communications.

Protection for client, server, packets

Question 29

Ways to use IPsec

Answer 29

• end-to-end security
• basic VPN
• end-to-end security with basic VPN
• secure gateway
• secure remote access

Question 30

End-to-end security

Answer 30

IPsec active between the end nodes -> transport mode SA (packets protected just when they exit the end device)

pros
* security is implemented independently from the rest of the network so the only possible attack is DoS
* it is possible to aauthenticate the single device and not just the gateways

cons
* IPsec must be installed on both the end devices and that means that they need to have high computational power
* efficient management system if the devices implementing IPsec are a lot
* If confidentiality has been implemented in the channel, the local network manager
cannot go and monitor the traffic. IDSs have to be directly on the nodes otherwise they cannot inspect packets due to their encryption

Question 31

Basic VPN

Answer 31

IPsec modules are placed on the gateways that are protecting the internal network -> tunnel mode SA: packets that go from a net to the other are encapsulated

This strategy is based on an important hypothesis, namely that a part of the network is considered trustworthy

pros
* just GWs need to have high computational power
* GWs take care of the management part (easier than the end-to-end security)
* possible traffic inspection by an IDS placed in the LAN (before the gateway)

cons
* GWs could be overloaded so they need powerful CPUs or hardware accelerators
* Only the gateways are authenticated because it is no more possible to authenticate the single device that belongs to the internal network

Question 32

End-to-end security with basic VPN

Answer 32

This is an implementation of the defense in depth principle.

There is a secure virtual channel in transport mode between the end devices and there is another one in tunnel mode between gateways.

The first one takes care of integrity and authentication; the second one takes care of encapuslation.

pros
* work division
* defense in depth
* possible packets inspection with IDS
* possible authentication of each device

cons
* difficult management: maximum number of end to end devices and gateways -> high computational power

Question 33

Secure gateway

Answer 33

This solution is implemented for mobile users.

There is a secure virtual channel in tunnel mode between the user-device and the gateway (owned by the relative company).

The gateway performs authentication and authorization.

Question 34

Secure remote access

Answer 34

This solution is implemented for mobile users and differs from the secure gateway solution because there is a second line of defense.

There is a secure virtual channel in tunnel mode between the user-device and the gateway (owned by the relative company) for authN and authZ + secure virtual channel in transport mode that takes care of encryption and that transport the traffic from the user to the final device.

Question 35

VPN concentrator

Answer 35

It is a special-purpose hardware that acts as a tunnel terminator.
It is used in the site-tp-site VPN application and in the remote access one.

HW = low cost && high performance

Question 36

IPsec: main characteristics

Answer 36

• only for unicast packets
• it requires high computational power
• it uses pseudo-protocols to encapsulate IP packets: AH and ESP
• it can be used both in transport mode and in tunnel mode
• it provides as security properties: data integrity and data authentication when computing the keyed digest with a shared key + sender authentication when creating the SA + payload confidentiality
• non-repudiation is NOT an IPsec feature (symmetric crypto is used)
• it is based on the creation of a secuity association SA
• it provides a key management system
• good for “closed” groups (for example good to be used between two companies)

Question 37

IPsec: transport mode and tunnel mode

Answer 37

Transport mode
It is used by hosts and not by GWs. The packet is cut in between the L3 and L4 headers and between hem the IPsec header is inserted. The only thing tht won’t be encrypted is the L4 header that will indicate that it is containing a IPsec packet.
* light process
* no protection for header variable fields

Tunnel mode
It is used just by GWs (≠ routers! The correct term is gateway because it is the contact point between the secure net and the dangerous one).
To the original packet two things are added: the IPsec header and the tunnel header
* heavy process, in fact it is just used to the board of the secure net
* a complete protection is given to the packets

Question 38

IPsec: which security properties do AH and ESP provide?

Answer 38

Authentication Header - AH: integrity + authentication + protection against replay attacks

Encapsulating Security Payload - ESP: AH functions + payload confidentiality

Question 39

IPsec: replay attacks

Answer 39

Both AH and ESP packets in IPsec have a seuqenze number that is initialized at the SA creation and that goes on till the value 2^N - 1. When that value is reached a new SA has to be negotiated.
Since L3 is not secure and it is not sure that all the packets arrive, IPsec implements a window to keep track of the arrived packets BUT THIS WINDOW DOESN’T GIVE PROTECTION FOR DUPLICATION OR CANCELLATION. The big difference from TCP window is that the IPsec one KEEPS TRACK OF THE LAST N PACKETS ARRIVED OR NOT.

If the communication is based on TCP every packet can be accepted, if it is based om UDP it is better to discard it. Reject a packet only slows down the communication but doesnt cause problems with security.

Question 40

IPsec: what security properties does it provide?

Answer 40

• data authentication, data integrity because a keyed digest is computed
• sender authentication because the keyed digest is computed base on a shared key and because a Security Association SA is created after the peer has authenticated itself (via digital signature, public key mehcanisms, etc…).
• packets confidentiality: packet payload is encrypted using a symmetric algorithm and a shared key

Question 41

IPsec: SA

Answer 41

A Security Association is a unidirectional logic connection between two systems, both immplementing IPsec. When a bidirectional communication is needed, two separate SAs are required. Often they have both the same features.

At the SA creation authN is needed. It can be done via:
* digital signature: when using this method there is non-repudiation but just related to the channel creation and not to the traffic cause it uses symmetric crypto
* public key encryption
* pre-shared key: it can be used only with static IP addresses because this method uses IP addresses for authentication and this leads to a problem when using dynamic IP assignation

A SA is managed through two different databases:
* SPD (Security Policy DB): it contains a list of security policies to apply to different packet flows when creating an SA
* SAD (SA DB): it contains the list of active SAs and their characteristics (algo, keys, parameters). Each SPI field refers to one of its rows.

Question 42

RFC-4308: VPN-A and VPN-B

Answer 42

VPN - A: ESP with 3DES - CBC and HMAC-SHA1-96

VPN - B: ESP with AES-128-CBC and AES-XCBC-MAC-96

Question 43

IPsec: v3

Answer 43

• ESP is mandatory and AH is optional -> VPN a and B (cryptosuites) use ESP
• Traffic Flow Confidentiality - TFC: it is implemented in ESP and it consists in pudding an additional padding in between the payload and the standard padding. This is done to not discolse the real packet size
• introduction of the Dummy packets, encrypted:
• multicast
• the support for AEAD is added
• Extended Sequence Number

Question 44

IPsec: key management and all related protocols

Answer 44

All the peers that use IPsec need to be provided of a symmetric key that will be used for authN, integrity, confidentiality (eventually).

This key can be distributed OOB or using protocols such as OAKLEY: it provides authenticated exhcange of symmetric keys

This OAKLEY protocol can be used together with ISAKMP that is a protocol that takes care of the procedures to negotiate, set-up, modifiy, delate a Security Association but doesn’t take care of key exchange.

OAKLEY and ISAKMP are both contained in the IKE protocol - Internet Key Exhcange: it consists in creating an initial SA to protect the ISAKMP exchange.
* IKE phase 1: negotiation of a bidirectional ISAKMP SA that can be done in main mode or aggressive mode; the second one does not protect peers’ identities (the identity corresponds to the owner of the key and not to the peer IP)
* IKE phase 2: negotiation of the IPsec SAA in quick mode

Question 45

IP insecurities: list

Answer 45

• addresses are not authenticated
• packets have not authentication, integrity, confidentiality
• there are some “service” protocols that does not support IPsec: ICMP, DNS, RIP, …

Attacks:
* ARP poisoning
* TCP SYN flooding
* Routing tables attacks
* Fraggle attack
* Smurfing attack
* ICMP attacks

Question 46

ARP poisoning

Answer 46

Its problems derive from IP insecurities.

ARP is the Address Resolution Protocol and it is used to discover L2 addresses using L2 ones. Discovered addresses are contained in the ARP tables.

The problem is that nodes accept ARP replay even if they did not send any request. If what they save in their table is wrong, this can be dangerous.
This happens also because most of the nodes do not check that the L2 address inside the ARP packet is coincident with the source field of the 802.3 packet

Question 47

Fraggle Attack and Smurfing Attack

Answer 47

• Fraggle: UDP
• Smurfing: ICMP

A echo request is sent:
* src: A
* dst: broadcast

Each node in the broadcast net will send a echo replay to A that will die

Solution: reject broadcast packets

Question 48

ICMP attacks

Answer 48

Service protocol based on IP: it derives its insecurities

Internet Control Management Protocol
* no authentication
* no broadcast

ICMP functions:
* echo request and replay -> DoS
* destination unreachable -> DoS
* source quench -> DoS cause it indicates that the router buffer is full so the communication is slown down
* redirect: A MITM intercepts a packet from host A directed to another host and responds in advance with an ICMP redirect to itself
* time exceeded for a datagram -> DoS

Question 49

TCP SYN flooding and solutions

Answer 49

To open a TCP connection, that is over IP, there is a three way handsahe: SYN SYN/ACK ACK.
The server has a table to know all the connections opened in that moment.
The problem is that this table contains also connections that were opened but not confirmed. These incomplete entries, if not deleted, can cause a DoS attack.
Generally, after 75 seconds (on avarage the time when half connections are opened), the server checks the table entries

Possible solutions:
- decrease the timeout to check the entries: risk to delete entries belonging to good but slow clients
- increase the table size -> useless cause the attacker can just increase the number of SYN to send
- put a SYN INTERCEPTOR router in front of the server that will just receive complete connections
- put a SYN MONITOR router in front of the server that kills the pending connections
- use SYN COOKIES: a cookie is a keyed digest and the idea is to store the state connection inside the client and not inside the server. The client sends a SYN and the server responds with a cookie that the client will then oresent to the server to connect

Question 50

DNS shadow server

Question 51

DNS flash crowd

Answer 51

It is a DoS attacks: there are thousands of clients that ae asking for some resolutions to the same nameserver which gets blocked. If it gets blocked that means that all the domains related to the server will be unreachable.

Question 52

DNS cache poisoning

Answer 52

Each domain has a nameserver.

This attack can be performed in two different ways:
* between a bad nameserver and a client: a client asks for the nameserver of a domain and receives back as response the right response and some additional and dangerous infos too. If the client is not secure it will store those infos.
* between a good recursive nameserver and a bad DNS client: The v2 consists in making a query and immediately providing, before the NS is able to solve it, the answer (false) to put it in the cache of the victim. The true answer, which will come late, will be discarded. -> IP spoofing too

Question 53

DNS: attacks and insecurities

Answer 53

TODO

Question 54

DNS: name-address translation mechanism

Answer 54

TODO

Question 55

DNS: fundamental characteristics

Answer 55

The DNS system takes care of translating human-friendly domain names into IP addresses and vice versa.
* The system has multiple servers in a hierarchical disposition.
* queries are sent ove rport 53/UDP and zone transfers over 53/TCP
* insecurities comes also from the usage of UDP

Hierarchy
* Root DNS Servers: they are at the top of the DNS hierarchy and are primarily responsible for directing queries to the appropriate Top-Level Domain (TLD) servers. Root servers do not know the IP addresses associated with domain names; they only know where to direct queries for different TLDs (like .com, .net, or .org). There are a fixed number of root servers (13 clusters around the world).
* Top-Level Domain (TLD) DNS Servers: they handle requests for specific TLDs. For instance, there are specific TLD servers for .com domains, .edu domains, etc. When a root server receives a query, it directs that query to the appropriate TLD server based on the extension of the domain name.
TLD servers can direct queries further down the chain, pointing to the authoritative servers responsible for specific domain names.
* Authoritative DNS Servers: they hold the actual DNS records for a domain, such as the IP addresses, mail servers (MX records), and other necessary data that allows the internet to understand how to route traffic for a specific domain. When a query reaches an authoritative DNS server, it can respond with the exact answer, or if the requested record is not in its database, it will respond with an error.

Question 56

DNSsec: idea, problems for the implementations and its problems

Answer 56

DNS security is thought to be base on the introduction of DNS records digital signature to not permit the creation of faking response. This requires the presence of an infrastructure that defines which server has the autority to sign an answer and the presence of certificates too.

Question 57

Do we have non-repudiation in IPsec?

Answer 57

Just and only related to SA creation

Question 58

IPsec keyed digest and variable fields

Answer 58

An IP packet contains fields that change their value when going from sender to receiver.
To compute a keyed digest this fields are ignored and this means that NAT cannot be used

Question 59

IPsec v3 algorithms

Answer 59

TODO

Question 60

• ISAKMP - Internet Security Association and Key Management Protocol:

Question 61

AH

Answer 61

It is a pseudo protocol used by IPsec that provides data authentication, data integrity, sender authentication and, just in the second version, partial protection from replay attacks thanks to the sequence number field.

AH security is based on the computation of a keyed digest using MD5 or SHA-1. In the second version these two algorithms provide a 96 bit long digest. This is a trade off between network and security fields requirements.

The AH header, that is added to the IPsec paacket, is made of:
* next header: to implement header chaining
* length: 1 Byte
* reserved
* SPI: Security Parameter Index, it is related to a SAD row, 32 bit
* sequence number:
* ICV: Integrity Check Value, 4 Bytes Words. To have the same ICV at sender and receiver they have to perform the nromalization of the AH header process

Normalization
* TTL and Hop Limit are reset
* If there is a Routing header: its destination field and its content will be set to the values that they will have at destination

Question 62

How is a ESP/AH packet treated when it arrives to destination?

Answer 62

1. the AH/ESP header is extracted from the packet
2. two fields are extracted from this header: the SPI and the ICV
3. the SPI is used for computing the new ICV: thanks to the SPI index the right parameters and everything are taken from the SAD database and are applyed to the NORMALIZED packet
4. the recived ICV and the computed one are compared

Question 63

ESP

Answer 63

TODO

Question 64

IP routing (in)security

Answer 64

Routing tables have low security and modifications are easy to apply.

An optional protection via a keyed digest could be used but there is the problem of key distribution and management.

Question 65

Ping flooding, what it is and how to defend. yourself so as not to alter the normal tcp / ip traffic

Answer 65

It is a DoS attack in which ICMP Echo Request messages are sent massively without waiting for a response; as with all DoS attacks, there is no definitive countermeasure, but only palliative remedies based on the quantitative approach to mitigate the effects:
* monitoring: an attempt is made to detect any anomalies (eg use of CPU and network resources), even if they could originate from simple malfunctions;
* oversizing: the system is designed to withstand more load than is normally required, so in the event of a DoS attack the system resists for some time, allowing time to identify the source of the attack.Pingflooding,whatitisandhowtodefendyourselfsoasnottoalterthenormal tcp / ip traffic
it is a DoS attack in which ICMP Echo Request messages are sent massively without waiting for a response; as with all DoS attacks, there is no definitive countermeasure, but only palliative remedies based on the quantitative approach to mitigate the effects:
* monitoring: an attempt is made to detect any anomalies (eg use of CPU and network resources), even if they could originate from simple malfunctions;
* oversizing: the system is designed to withstand more load than is normally required, so in the event of a DoS attack the system resists for some time, allowing time to identify the source of the attack.

Question 66

Describe sniffing and at least two ways of doing it.

Answer 66

By sniffing we mean the detection of packets in transit in a network and their analysis to steal sensitive information; in order to counteract it, packet encryption is required. It can be done both logically, by analyzing the traffic in a network to which you have access, and physically, by inserting a device (e.g. switch) in the network connections

Question 67

IPsec in transport mode with ESP: which security measures are allowed (indicate the mandatory and optional ones) and how are they implemented?

Answer 67

• Package integrity and authentication: keyed-digest
• Payload confidentiality only: symmetric encryption
• Partial replay protection: sequence number
• Integrity + authentication (VPN-A) and encryption (VPN-B) are optional, meaning you can only have one of the two.

Question 68

SA in transport-mode of IPsec ESP type, security properties, say which security properties are mandatory and which are not (explanation)

Answer 68

Package integrity and authentication: keyed-digest
Payload confidentiality only: symmetric encryption
Partial replay protection: sequence number
Integrity + authentication (VPN-A) and encryption (VPN-B) are optional, meaning you can only have one of the two.

Question 69

ESP: describe the procedure, the transformations, how the requested information is obtained.

Answer 69

Add a 64-bit IV, a padded payload, whose length is specified. In addition, the payload type is also encrypted. The whole package is authenticated. Not everything is encrypted, but only payload, padding length and payload type.