[NRG] Notification: PROVIDE: Hiding from Automated Network Scans with Proofs ... @ Mon Oct 17, 2016 11am - 12pm (NRG at BU)

Google Calendar calendar-notification at google.com
Wed Oct 12 11:00:06 EDT 2016

This is a notification for:

Title: PROVIDE: Hiding from Automated Network Scans with Proofs of Identity  
(Wil Koch)

Network scanners are a valuable tool for researchers and administrators;
however, they are also used by malicious actors to identify vulnerable hosts
on a network. Upon the disclosure of a security vulnerability, scans are
launched within hours. These opportunistic attackers enumerate blocks of IP
addresses in the hope of discovering an exploitable host. Fortunately,
defensive measures such as port knocking protocols (PKPs) allow a service
to remain hidden from unauthorized IP addresses. The service is revealed
only when a client includes a special authentication token (AT) in the
IP/TCP header. However, this AT is generated from a secret shared between
the clients and servers and distributed manually to each endpoint. As a
result, these defensive measures have not been widely adopted by other
protocols such as HTTP/S, because of the difficulty of distributing the
shared secrets.

In this talk we propose a scalable solution to this problem for services
accessed by domain name. We make the following observation: automated
network scanners access servers by IP address, while legitimate clients
access the server by name. Therefore a service should reveal itself only to
clients who know its name. Based on this principle, we have created a proof
of the verifier's identity (a.k.a. PROVIDE) protocol that allows a prover
(legitimate user) to convince a verifier (service) that it knows the
verifier's identity. We present a PROVIDE implementation using a PKP and
DNS (PKP+DNS) that uses DNS TXT records to distribute identification tokens
(IDTs), while DNS PTR records for the service's domain name are prohibited
to prevent reverse DNS lookups. Clients are modified to make an additional
DNS TXT query to obtain the IDT, which the PKP uses to generate an AT. The
inclusion in the packet header of an AT generated from the DNS TXT query is
proof that the client knows the service's identity. We analyze the
effectiveness of this mechanism with respect to brute-force attempts for
ATs of various strengths and discuss practical considerations.

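The following is an added toy model of the PKP+DNS exchange described in the abstract; it is not code from the talk or its authors. It assumes a constructed zone, a hypothetical `_provide.<name>` TXT label carrying the IDT, an HMAC-SHA256 derivation of the AT from the IDT and the flow tuple, and a coarse time window to bound replay; none of these details come from the abstract. It shows a name-aware client obtaining an AT, an address-only scanner that finds no PTR record and therefore sends no valid AT, the verifier dropping silently on mismatch, and the brute-force success probability for ATs of different widths.

```python
"""Toy model of PROVIDE's PKP+DNS variant. All zone data, the _provide TXT
label, the HMAC-based AT derivation and the time window are constructed
assumptions for illustration, not the talk's specification."""
import hashlib
import hmac
import ipaddress
import math

# Constructed zone. TXT carries the identification token (IDT); A maps the
# name to the service address; PTR is intentionally empty so a reverse
# lookup of the service IP learns nothing.
ZONE_A = {"example.org.": "198.51.100.10"}
ZONE_TXT = {"_provide.example.org.": [
    "v=provide1 idt=00112233445566778899aabbccddeeff"
    "00112233445566778899aabbccddeeff"]}
ZONE_PTR = {}

SERVICE_PORT = 443
AT_BITS = 32  # width of the AT carried in the header; vary to study brute force


def _fqdn(name):
    return name if name.endswith(".") else name + "."

def lookup_a(name):
    return ZONE_A.get(_fqdn(name))

def lookup_txt(name):
    return ZONE_TXT.get(_fqdn(name))

def lookup_ptr(ip):
    return ZONE_PTR.get(ipaddress.ip_address(ip).reverse_pointer + ".")

def parse_idt(txt_records):
    """Extract the IDT bytes from a 'v=provide1 idt=<hex>' TXT record."""
    for rec in txt_records:
        fields = dict(f.split("=", 1) for f in rec.split() if "=" in f)
        if fields.get("v") == "provide1" and "idt" in fields:
            return bytes.fromhex(fields["idt"])
    raise ValueError("no PROVIDE IDT in TXT records")

def derive_at(idt, src_ip, dst_ip, dst_port, window, at_bits=AT_BITS):
    """AT = leading at_bits of HMAC-SHA256(IDT, flow tuple || window).
    Binding the flow tuple stops a captured AT being replayed from another
    address; the window bounds replay in time (assumed, not from the talk)."""
    msg = f"{src_ip}|{dst_ip}|{dst_port}|{window}".encode()
    mac = hmac.new(idt, msg, hashlib.sha256).digest()
    return int.from_bytes(mac[:8], "big") >> (64 - at_bits)

def client_syn(name, src_ip, window):
    """Prover: name -> A and TXT lookups -> IDT -> AT placed in the SYN."""
    dst_ip = lookup_a(name)
    txt = lookup_txt("_provide." + name)
    if dst_ip is None or txt is None:
        return None
    at = derive_at(parse_idt(txt), src_ip, dst_ip, SERVICE_PORT, window)
    return {"src": src_ip, "dst": dst_ip, "dport": SERVICE_PORT, "at": at}

def scanner_syn(src_ip, dst_ip, guess=None):
    """Address-only scanner: PTR yields no name, hence no IDT and no valid
    AT. `guess` models one brute-force attempt at the AT field."""
    assert lookup_ptr(dst_ip) is None
    return {"src": src_ip, "dst": dst_ip, "dport": SERVICE_PORT, "at": guess}

def verifier_filter(pkt, idt, window, skew=1, at_bits=AT_BITS):
    """Verifier: accept the SYN only if its AT matches the current or an
    adjacent window; otherwise drop silently so the port looks closed."""
    if pkt["at"] is None:
        return "DROP"
    got = pkt["at"].to_bytes(8, "big")
    for w in range(window - skew, window + skew + 1):
        want = derive_at(idt, pkt["src"], pkt["dst"], pkt["dport"], w, at_bits)
        if hmac.compare_digest(want.to_bytes(8, "big"), got):
            return "SYN-ACK"
    return "DROP"

def guess_success_probability(at_bits, attempts):
    """Chance that `attempts` independent uniform guesses at an at_bits-wide
    AT hit the single valid value for one window: 1 - (1 - 2^-bits)^attempts,
    computed with log1p/expm1 so wide ATs do not round to zero."""
    return -math.expm1(attempts * math.log1p(-(2.0 ** -at_bits)))

if __name__ == "__main__":
    idt = parse_idt(lookup_txt("_provide.example.org"))
    print(verifier_filter(client_syn("example.org", "203.0.113.5", 1000), idt, 1000))
    print(verifier_filter(scanner_syn("192.0.2.77", "198.51.100.10"), idt, 1000))
    for bits in (16, 32, 64):
        print(bits, guess_success_probability(bits, 1_000_000))
```

The verifier recomputes the AT from the same IDT it published, so no per-client secret has to be distributed out of band, which is the scalability point of the abstract; widening AT_BITS lowers the scanner's per-guess odds while the silent drop keeps the port indistinguishable from a closed one.
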
When: Mon Oct 17, 2016 11am – 12pm Eastern Time
Where: MCS 148
Calendar: NRG at BU
     * Cody Doucette - creator

