


Apr 03

Attack graphs as a security tool

One main difficulty in network security is determining the ramifications of offering combined services. Services may be perfectly secure when used standalone, but become vulnerable when combined with other services.

A simple example is the use of an FTP service to upload a PHP script that is then used to exploit a vulnerable PHP. Many tools, known as vulnerability scanners, scan the network to detect vulnerabilities and misconfigurations. Two famous scanners are Nessus and Retina. (I will make a post on them later.)

Attack graphs are models in which these vulnerability reports are combined to identify vulnerable combinations. They are mainly used to identify the ramifications of a vulnerability. They make it possible to build attack scenarios in which each vulnerability is a stepping stone used to launch further attacks.

This is a very interesting approach that makes it possible to determine the level of compromise that an attacker can obtain from a given starting point. On the evil side it can be used to build an Icebreaker. Many tools and models have been developed since the paper “Using model checking to analyze Network vulnerability”.
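The sketch below is an added example, not code from any of the tools or papers mentioned here. It models the FTP-plus-PHP case as precondition/postcondition rules, computes what is reachable from a starting point, and lists which single fix cuts the path. Host names, fact strings and findings are all constructed assumptions.

```python
from collections import namedtuple

# A finding becomes a rule: holding every precondition grants the
# postconditions. Privileges are never lost (monotonic model).
Rule = namedtuple("Rule", "name pre post")

# Constructed findings for a hypothetical network (not real scanner output).
RULES = [
    Rule("ftp-anon-write", {"reach:web01:21"}, {"write:web01:webroot"}),
    Rule("php-runs-upload", {"write:web01:webroot", "reach:web01:80"},
         {"exec:web01:www-data"}),
    Rule("web-to-db-route", {"exec:web01:www-data"}, {"reach:db01:3306"}),
    Rule("db-weak-password", {"reach:db01:3306"}, {"read:db01:customers"}),
    Rule("ssh-old-daemon", {"reach:admin01:22"}, {"exec:admin01:root"}),
]
START = {"reach:web01:21", "reach:web01:80"}  # assumed Internet-facing ports

def build_graph(rules, start):
    """Forward-chain to a fixed point. Returns the reached facts and, for
    each derived fact, the rule that first produced it."""
    facts, cause, changed = set(start), {}, True
    while changed:
        changed = False
        for r in rules:
            if r.pre <= facts and not r.post <= facts:
                cause.update({f: r for f in r.post - facts})
                facts |= r.post
                changed = True
    return facts, cause

def path_to(goal, cause):
    """Rule names, in order, that lead to goal (empty if not derived)."""
    steps = []
    def visit(fact):
        r = cause.get(fact)
        if r is None or r.name in steps:
            return
        for p in sorted(r.pre):
            visit(p)
        steps.append(r.name)
    visit(goal)
    return steps

def blocking_fixes(goal, rules, start):
    """Findings whose remediation alone makes goal unreachable."""
    return [r.name for r in rules
            if goal not in build_graph([x for x in rules if x != r], start)[0]]
```

Each of the four chained findings looks minor in a standalone scanner report; only the combined model shows that they lead from two public ports to the database, and that the SSH finding is not reachable from this starting point.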

A good introduction is the report from the MIT Lincoln Laboratory called “An Annotated Review of Past Papers on Attack Graphs” by R. P. Lippmann and K. W. Ingols.
It is quite old, since it was released in March 2005, but it was pretty complete at the time. Another good starting point is the Threat Prediction modeling project of the CyLab at Carnegie Mellon University. In particular, the PhD thesis of O. Sheyner, called Scenario Graphs and Attack Graphs, gives the basics to start.

Still quite confidential, attack graphs are a very interesting topic for anyone involved in network security.

Feb 13

An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol article review

This paper is a study of the Skype protocol. Because the Skype protocol is not public, this study provides valuable information. This lack of transparency goes against cryptographic security and raises legal and political issues.

In particular, this paper depicts the architecture of the Skype network and helps to understand how different it is from MSN or Yahoo Messenger. I found the analysis of how Skype evades firewalls clear. The only regret I have is that the diagram used in the first version is not present in the current version. It would have been nice to keep it and show the differences between the versions of the protocol. Among the information reported, let’s note the selfish behavior of Skype, which eats all the resources it can, and the fact that Skype does not allow a user to prevent their machine from becoming a super node. This shows the dark side of this application.

As a final word, I recommend that anyone who uses or plans to use Skype read this study, because it presents the protocol behavior in a clear way. The only unclear point left is how Skype generates the AES key used to encrypt its packets. Is there a public/private key scheme, or is it an IV along with the user password? I hope another study will answer such questions.

Detailed Information about this article (5w-1h report)

What it is

This is an experiment that aims to reverse engineer the Skype protocol. The version used is Windows Skype version 1.4.0.84. Information about the evolution of the protocol is also provided, as the first version of the paper was on version 0.9 beta.

Why it is useful

The Skype protocol is not public and is encrypted, so the information provided by this article is valuable for understanding how it works. In particular, it explains how Skype bypasses firewalls.

Who wrote it

Salman A. Baset and Henning Schulzrinne from the computer science department of Columbia University.
Henning Schulzrinne is a Professor in the computer science department of Columbia University, and Salman Abdul Baset is one of his PhD students (2nd year).

Where it will be found

It will appear in IEEE Infocom 2006, and a version is available on the authors' page.

When it was made

A first version of the work was available in 2004. The Infocom version was done in 2006.

How the study was performed

To reverse the protocol, they use three different kinds of setup and a sniffer: Wireshark. They also use a bandwidth shaper (Ether peek) to experiment with Skype's behavior in a low-bandwidth context.

Here is a local copy of the article