Page 312 - 5G Basics - Core Network Aspects
P. 312

1                                                Core network aspects


            RST packets, it terminates the data transmission to the victim, or at least it can reduce the number of data
            transmissions. Therefore, to a certain degree, this method can prevent the flooding attacks.

            In addition, to deal with this type of attack, reachability should be checked before the MPT sender sends data
            through a new path of an existing multi-path transmission connection. In this solution, before transmitting
            packets, the source S sends a request message to ask if the victim is willing to accept packets from the path
            identified by source S’s own IP address and the victim's IP address. Since there is no such path belonging to
            the victim, the victim would reject the request from source S. Source S then would not to send packets to the
            victim. These and other methods can prevent the flooding attacks described in this clause.
            10.2.2  Hijacking attacks

            Hijacking  attacks  occur  when  an  attacker  takes  over  a  path  belonging  to  the  multi-path  transmission
            connection between a victim and its peer node, and then intercepts the packets from the victim.
            Before a hijack attack begins, a multi-path transmission connection is established between the victim and
            the peer. After the attacker learns the 4-tuple that identifies the transport layer connection between the
            victim and its peer, the attacker poses as the peer but uses its own IP address to establish another path with
            the victim. After completing this step, the attacker is naturally participating in the communication between
            the victim and the peer. When the victim transmits data packets through the two paths, perhaps not all, but
            at least part of the packets from the victim are sent to the attacker.
            In the communication process, the victim of the hijacked path believes that it is sending data packets to its
            peer; it is in fact communicating with the attacker and the peer simultaneously. At the same time, the peer
            does not receive all of the packets sent by the victim, which may lead to some negative effects. For example,
            this may result in a denial of service (DoS) attack since the partial data sent to the peer will stop waiting for
            the missing data sent to the attacker. The following are some available approaches for preventing hijacking
            attacks to a degree.
            1)      Cookie-based solution

                    During the establishment of the first path between the victim and its peer, a cookie can be agreed
                    on by each party. This cookie is added in every control packet used to establish other paths in the
                    future. In order to initiate hijacking attacks, the attackers must obtain the cookie. Thus the cookie-
                    based approach prevents off-path attackers from launching hijacking attacks; it cannot prohibit on-
                    path attackers.

            2)      Shared secret exchanged in plain text
                    This protection process is similar to that of the cookie-based approach, but is more secure. The
                    difference  is  the  exchange  of  a  key  in  plaintext  during  the  establishment  of  the  first  path.
                    Subsequent establishment requests of other paths again validate the new path by using a keyed
                    hashed message authentication code (HMAC) signature using the shared key. Since the shared key
                    only transmits during the establishment of the first path, attackers that sniff (record) packets after
                    the first path has already been established would not successfully launch an attack. However, for
                    attackers sniffing or modifying the messages exchanged during the establishment of the first path,
                    this solution can hardly provide effective protection.
            3)      Strong crypto anchor exchange
                    To  achieve  more  effective  protection,  in  this  approach,  the  communication  endpoints  would
                    exchange some strong crypto anchor, other than a key in plaintext, while establishing the first path.
                    A public key or a hash-chain anchor can be the strong crypto anchor. After the communication
                    endpoints agree on the anchor, they can exchange packets which are encrypted by the shared crypto
                    anchor through the first path. Actually, if the attacker wants to launch a hijacking attack, it would
                    be necessary to change the crypto anchor exchanged in the path establishment phase. But, if the
                    endpoints communicate directly, the modify operations can be detectable.







            302
   307   308   309   310   311   312   313   314   315   316   317