Collaborative Research: CNS Core: Small: Internet-Scale Measurement of TCP/IP Implementation Weaknesses

合作研究：CNS 核心：小型：TCP/IP 实施弱点的互联网规模测量

• 批准号: 2007741
• 负责人: Jedidiah Crandall
• 金额: $ 22.5万
• 依托单位: Arizona State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2020
• 资助国家: 美国
• 起止时间: 2020-10-01 至 2023-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2007741&HistoricalAwards=false
• 关键词: Collaborative; Research; CNS; Core; Small

This project will uncover network protocol implementations that are common on the Internet and are susceptible to side channel attacks. This can have serious security implications for applications such as Virtual Private Networks (VPNs) and Domain Validation ((DV), that proves an organization owns an Internet domain such as www.example.com before issuing a certificate that the organization can present to web browsers as authentication). A side channel is a mechanism where information flows where it was not intended to flow according to the design of a system. An analogy might be a foreign government counting the number of pizza deliveries to the Pentagon and inferring last-minute planning for a big event when the number of pizzas increases sharply. In other contexts, side channels have led to fundamental breakdowns in the basic security mechanisms that separate processes in an operating system (see Meltdown and Spectre, which are vulnerabilities in the way computers enforce the most basic separation of security contexts), and have been used to crack even then strongest cryptography. The TCP and IP protocols lay the foundation for the Internet, but are known to be susceptible to side channels if certain requirements are not met. Requests for Comments (RFCs), (the documents that develop and define Internet standards) describe how, for example, certain numbers must be chosen in an unpredictable manner, or limiting the rate at which packets are sent must be applied in a specific way, in order to mitigate the effects of TCP/IP side channels. Failure to follow these RFCs undermines the most basic assumption of Internet security: that in order for an attacker to infer the existence of, interfere with, or inject their own data into a communication the attacker must control a part of the network in between the two parties that are communicating.Violating this basic assumption can be devastating for Internet users that are acting in the U.S.'s interest, such as journalists, activists, and non-governmental organizations (NGOs) overseas that use tunneling of some kind to bypass Internet controls in their own country. A major technical challenge that the project will address is to explore the astronomically large number of possibilities for how sequences of probes sent by researchers might result in predictable patterns in the responses given by different Internet hosts. Predictable patterns indicate a vulnerability because the security model assumes an attacker will not be able to guess the numbers that protocols use for sequencing and other purposes.This project combines expertise in network security and data mining to search the Internet for patterns where there should be none. Through a combination of carefully designed experiments to measure how Internet hosts respond to different combinations of probes, temporal data mining to uncover patterns, and an infrastructure for measuring the entire Internet longitudinally, the project will reveal how custom network stacks have created a situation where a significant fraction of Internet servers do not protect against side channel attacks. These custom TCP/IP implementations are commonly developed for the cloud, "middleboxes" such as load balancers and firewalls, and the Internet of Things. The proposed work will address this situation through the ethical disclosure process, engaging Internet standards bodies, and educating researchers and users about these threats. Educational activities and outreach will leverage the unique population of the Southwestern U.S. and the expertise of the PIs to support diversification of the field and workforce development.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

该项目将揭示互联网上常见且容易受到旁道攻击的网络协议实现。 这可能会对虚拟专用网络 (VPN) 和域验证 ((DV)) 等应用程序产生严重的安全影响，域验证 (DV) 会在颁发组织可以向 Web 提供的证书之前证明组织拥有 Internet 域（例如 www.example.com）浏览器作为身份验证）。 侧通道是一种机制，信息可以根据系统的设计流向原本不应该流向的地方。 可以打个比方，外国政府计算向五角大楼运送的披萨数量，并在披萨数量急剧增加时推断出为大型活动做最后一刻的计划。 在其他情况下，侧通道导致了操作系统中分离进程的基本安全机制的根本性崩溃（请参阅 Meltdown 和 Spectre，它们是计算机强制执行最基本的安全上下文分离方式中的漏洞），并且已被使用破解甚至是最强的密码学。 TCP 和 IP 协议为互联网奠定了基础，但众所周知，如果不满足某些要求，它们很容易受到侧信道的影响。 征求意见 (RFC)（制定和定义互联网标准的文档）描述了如何必须以不可预测的方式选择某些数字，或者必须以特定方式限制数据包发送的速率，以减轻 TCP/IP 侧通道的影响。 不遵循这些 RFC 会破坏互联网安全的最基本假设：为了让攻击者推断通信的存在、干扰或将自己的数据注入通信中，攻击者必须控制两者之间的网络部分违反这一基本假设可能会对为美国利益行事的互联网用户造成毁灭性的影响，例如记者、活动人士和海外非政府组织 (NGO)，他们使用某种隧道来绕过互联网控制在他们自己的 国家。 该项目将解决的一个主要技术挑战是探索研究人员发送的探针序列如何在不同互联网主机给出的响应中产生可预测模式的可能性。 可预测的模式表明存在漏洞，因为安全模型假设攻击者无法猜测协议用于排序和其他目的的数字。该项目结合了网络安全和数据挖掘方面的专业知识，在互联网上搜索不应该有的模式。 通过精心设计的实验组合来测量互联网主机如何响应不同的探针组合、时态数据挖掘以发现模式，以及纵向测量整个互联网的基础设施，该项目将揭示定制网络堆栈如何创建这样一种情况：很大一部分互联网服务器无法防御旁道攻击。 这些自定义 TCP/IP 实现通常是为云、负载均衡器和防火墙等“中间盒”以及物联网开发的。 拟议的工作将通过道德披露流程、吸引互联网标准机构参与并对研究人员和用户进行有关这些威胁的教育来解决这种情况。 教育活动和推广活动将利用美国西南部的独特人口和 PI 的专业知识来支持该领域的多元化和劳动力发展。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准。

项目成果

Blind In/On-Path Attacks and Applications to VPNs

• 发表时间: 2021
• 作者: William J. Tolley;Beau Kujath;Mohammad Taha Khan;Narseo Vallina-Rodriguez;Jedidiah R. Crandall

Challenges and Opportunities for Practical and Effective Dynamic Information Flow Tracking

实用有效的动态信息流跟踪的挑战和机遇

• DOI: 10.1145/3483790
• 发表时间: 2023
• 期刊: ACM Computing Surveys
• 影响因子: 16.6
• 作者: Brant, Christopher;Shrestha, Prakash;Mixon-Baca, Benjamin;Chen, Kejun;Varlioglu, Said;Elsayed, Nelly;Jin, Yier;Crandall, Jedidiah;Oliveira, Daniela
• 通讯作者: Oliveira, Daniela

TSPU: Russia's decentralized censorship system

TSPU：俄罗斯的去中心化审查制度

• DOI: 10.1145/3517745.3561461
• 发表时间: 2022
• 期刊: ACM Internet Measurement Conference
• 作者: Xue, Diwen;Mixon-Baca, Benjamin;ValdikSS;Ablove, Anna;Kujath, Beau;Crandall, Jedidiah R.;Ensafi, Roya
• 通讯作者: Ensafi, Roya