Figure 1. In MUSCULAR, a joint program of the US NSA and the UK GCHQ, the two agencies bypassed TLS encryption by eavesdropping on the plaintext back-end traffic inside the cloud.


Posted in Essays | How the NSA eavesdrops on Google's encrypted traffic: when HTTPS meets CDN



On December 29, 2015, with the new year approaching, the International Forum for Security Research (InForSec) held its second event since its founding, at the Institute for Network Sciences and Cyberspace, Tsinghua University. The event invited Professor Kang Li (李康) of the University of Georgia (USA) to give an excellent talk.

Posted in Network Security | Kang Li: Automatically detecting flaws in cloud platforms and system software (slides included)


Dr. Zhiyun Qian at the Computer Science and Engineering department of the University of California, Riverside is hiring multiple motivated PhD students in the area of system and network security. Qian's work has led to security flaws discovered in Android, Linux, Mac, and firewall vendors such as Check Point. The projects are not only published in top-tier security conferences but also frequently covered by major tech news. More details can be found on his webpage at http://www.cs.ucr.edu/~zhiyunq/.

Any students with a strong background in systems and/or networking, or with good programming or reverse engineering skills, are encouraged to apply. Security background, static or dynamic program analysis, or formal verification experience are not required but are big pluses. If you are interested in practical security problems and enjoy hacking, the position would be an excellent fit. Students with Bachelor's or Master's degrees are both welcome to apply. All applications need to be submitted through the official admission website. However, if you have questions or are really interested in the research topics and want to introduce yourself, you can send your CV and transcript (unofficial is fine) to zhiyunq@cs.ucr.edu.

Posted in Network Security | Professor Zhiyun Qian of the University of California, Riverside is recruiting PhD students in security

Route Leaks Identification by Detecting Routing Loops (SecureComm 2015, Oct. 26-29)


Abstract: Route leaks are a serious security problem for inter-domain routing, and in recent years route leak incidents of every scale have caused network operators more and more trouble. A route leak can redirect traffic through networks that neither operators nor users intended it to traverse, creating the risk of man-in-the-middle attacks. Unlike prefix hijacking attacks (in which the attacker advertises bogus routes), leaked routes are real and legitimate; they merely violate the routing policies agreed between BGP neighbors. Since routing policies are usually kept confidential, detecting route leaks on the Internet is a challenging problem. In this paper we reveal a link between routing loops and route leaks: some route leaks cause routing loops, so detecting routing loops makes it possible to identify route leaks. We confirm this conjecture through theoretical analysis, and on that basis propose a detection mechanism that can identify both the leaked route and the offending autonomous system (AS). Our mechanism does not require knowledge of routing policies; it only passively monitors BGP routes, so this lightweight approach is easy to deploy. The evaluation results confirm that our mechanism can detect a large number of route leaks on the Internet every day.

Keywords: AS relationship, Routing policies, Route leaks, Routing loops, Identification

PDF Download

Posted in Research Papers, Network Security | Route Leaks Identification by Detecting Routing Loops (SecureComm 2015, Oct. 26-29)

Route Leaks Identification by Detecting Routing Loops, SecureComm2015

Song Li, Haixin Duan, Zhiliang Wang, and Xing Li, Tsinghua University

Abstract: Route leaks have become an important security problem of inter-domain routing. Operators have increasingly suffered from large-scale and small-scale route leak incidents in recent years. Route leaks can redirect traffic to unintended networks, which puts the traffic at risk of Man-in-the-Middle attack. Unlike other security threats such as prefix hijacking, which advertises bogus BGP routes, route leaks announce routes that are true but violate the routing policies agreed with BGP neighbors. Since routing policies are usually kept confidential, detecting route leaks in the Internet is a challenging problem. In this paper, we reveal a link between routing loops and route leaks. We find that some route leaks may cause routing loops. Hence detecting routing loops is expected to be able to identify route leaks. We provide theoretical analysis to confirm this expectation, and further propose a detection mechanism which can identify the leaked route as well as the perpetrator AS. Our mechanism does not require information about routing policies. It passively monitors BGP routes to detect route leaks, and hence it is lightweight and easy to deploy. The evaluation results show that our mechanism can detect a large number of route leaks occurring in the Internet per day.
Key words: AS relationship, Routing policies, Route leaks, Routing loops, Identification

PDF Download
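The two abstracts above (Chinese and English) describe the same idea: a route leak can surface as a routing loop in observed BGP AS paths, and the loop points at the perpetrator. The following added example is not code from the paper and does not reproduce the authors' mechanism. It shows the two checks a monitoring system would run over collected AS_PATH strings: collapse AS prepending, find an AS that reappears in a path (a loop), and then, under the assumption that a constructed AS relationship table is available, apply the standard valley-free export rule to name the AS that exported a provider- or peer-learned route upstream. The ASNs, paths and relationships are all constructed from the documentation ASN range.

```python
from itertools import groupby

# Constructed relationship table (hypothetical, not from the paper):
# (provider, customer) pairs and unordered peer pairs.
P2C = {(64496, 64497), (64497, 64498), (64497, 64499)}
P2P = {frozenset((64496, 64500))}


def rel(a, b):
    """Role of AS a relative to AS b: 'provider', 'customer', 'peer' or None."""
    if (a, b) in P2C:
        return "provider"
    if (b, a) in P2C:
        return "customer"
    if frozenset((a, b)) in P2P:
        return "peer"
    return None


def parse_as_path(text):
    """Parse an AS_PATH (observer first, origin last), collapsing AS prepending
    so that '64497 64497' counts as one hop and is not mistaken for a loop."""
    asns = [int(tok) for tok in text.split()]
    return [asn for asn, _ in groupby(asns)]


def find_loop(path):
    """Return (i, j) indices of the first ASN that appears twice, else None."""
    seen = {}
    for j, asn in enumerate(path):
        if asn in seen:
            return seen[asn], j
        seen[asn] = j
    return None


def find_leaker(path):
    """Walk the path in propagation order (origin -> observer) and return the
    first AS that exported a route learned from a provider or peer to another
    provider or peer (the valley-free violation), or None if the path is clean."""
    hops = list(reversed(path))
    learned_from = "customer"  # an origin's own prefix is treated like a customer route
    for sender, receiver in zip(hops, hops[1:]):
        export_to = rel(sender, receiver)  # sender's role towards the receiver
        if export_to is None:
            return None  # unknown relationship: cannot judge this hop
        # Exporting to a customer is always allowed; exporting to a provider or
        # peer is only allowed for routes learned from a customer (or originated).
        if export_to != "provider" and learned_from != "customer":
            return sender
        role_of_receiver = rel(receiver, sender)
        learned_from = {"provider": "customer", "customer": "provider", "peer": "peer"}[role_of_receiver]
    return None


def analyze(path_texts):
    """Flag every observed path that contains a loop and attribute the leak."""
    findings = []
    for text in path_texts:
        path = parse_as_path(text)
        loop = find_loop(path)
        if loop is None:
            continue
        i, j = loop
        findings.append({"path": path, "loop": path[i:j + 1], "leaker": find_leaker(path)})
    return findings


# Constructed sample of collector output: a clean path, a prepended path, and a
# path in which 64498 hands its provider's route back to the provider.
SAMPLE_PATHS = [
    "64496 64497 64499",
    "64496 64497 64497 64499",
    "64496 64497 64498 64497 64499",
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_PATHS):
        print(f)
```

Only the third path is reported: its loop segment is `[64497, 64498, 64497]` and the valley-free walk attributes it to AS 64498, which received the route from its provider 64497 and exported it back to that provider. The prepended second path collapses to a normal three-hop path and is ignored, which is why prepending must be removed before any duplicate-ASN check.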

Posted in Papers | Route Leaks Identification by Detecting Routing Loops, SecureComm2015

Cookies Lack Integrity: Threats to the Real-World Web (USENIX Security 2015)

Xiaofeng Zheng, Jian Jiang, Jinjin Liang, Haixin Duan, Shuo Chen, Tao Wan, and Nicholas Weaver

Cookies are used for state management in the HTTP protocol and are essential to web applications. However, neither the current protocols nor browser implementations effectively protect cookie integrity. A man-in-the-middle attacker can inject cookies through a plaintext HTTP session that overwrite or shadow the cookies used in subsequent HTTPS-encrypted sessions. Besides the man-in-the-middle route, a web attacker can also mount this attack from a related domain. Although this attack was already known in the industry, it had not been studied in depth. Our paper uses an in-depth empirical study to show the principle of the attack, its consequences, and how widespread the vulnerability is in the real world. We find that many important websites worldwide (including Google, Bank of America and Amazon) are at risk of cookie injection, and that the implementations of many mainstream browsers (including Chrome, Firefox and Safari) contain flaws that make the threat worse. We demonstrate the consequences of the attack in many important applications, including online account hijacking, privacy leakage and payment hijacking, which cause direct financial loss to users. Finally, we discuss measures to prevent or reduce the risk of this attack, including deploying HSTS, patching browsers, and a browser extension of our own that enforces stricter isolation between cookies carried over HTTP and over HTTPS.

Presentation Slides

Posted in Network Security | Cookies Lack Integrity: Threats to the Real-World Web (USENIX Security 2015)

Cookies Lack Integrity: Real world (Usenix Sec2015)

A cookie can carry a "secure" flag, indicating that it should only be sent over an HTTPS connection. Yet there is no corresponding flag to indicate how a cookie was set: attackers who act as a man-in-the-middle, even temporarily, on an HTTP session can inject cookies which will be attached to subsequent HTTPS connections. Similar attacks can also be launched by a web attacker from a related domain. Although an acknowledged threat, it has not yet been studied thoroughly. This paper aims to fill this gap with an in-depth empirical assessment of cookie injection attacks. We find that cookie-related vulnerabilities are present in important sites (such as Google and Bank of America), and can be made worse by the implementation weaknesses we discovered in major web browsers (such as Chrome, Firefox, and Safari). Our successful attacks have included privacy violation, online victimization, and even financial loss and account hijacking. We also discuss mitigation strategies such as HSTS and possible browser changes, and present a proof-of-concept browser extension to provide better cookie isolation between HTTP and HTTPS, and between related domains.
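The root cause named in both abstracts is that a browser's cookie store keys a cookie by (name, domain, path) alone and records nothing about the scheme that set it. The following added example is not the paper's code or its browser extension; it is a toy cookie jar that models that identity rule, shows why a same-name cookie set over plaintext HTTP on a more specific path is sent ahead of the Secure cookie on a later HTTPS request (the shadowing case), and beside it a hardened mode, assumed here as an illustration of the stricter HTTP/HTTPS isolation the paper argues for, in which an HTTP response may not set or shadow a Secure cookie. Hostnames and cookie values are constructed.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class Cookie:
    name: str
    value: str
    domain: str
    path: str
    secure: bool          # Secure attribute: only attached to HTTPS requests
    set_over_https: bool  # browsers do not keep this; the jar records it to show the gap


class CookieJar:
    """Toy store following the RFC 6265 identity rule: a cookie is identified by
    (name, domain, path) only, regardless of the scheme of the response that set it."""

    def __init__(self, strict=False):
        self.strict = strict  # strict=True enables the hardened isolation rule (assumption)
        self.cookies = {}

    def set_cookie(self, url, header):
        """Process a Set-Cookie header received from url; return True if stored."""
        u = urlsplit(url)
        parts = [p.strip() for p in header.split(";")]
        name, _, value = parts[0].partition("=")
        attrs = {}
        for p in parts[1:]:
            k, _, v = p.partition("=")
            attrs[k.strip().lower()] = v.strip()
        c = Cookie(name=name.strip(), value=value.strip(),
                   domain=attrs.get("domain", u.hostname).lstrip("."),
                   path=attrs.get("path") or "/",
                   secure="secure" in attrs,
                   set_over_https=(u.scheme == "https"))
        if self.strict and not c.set_over_https:
            # Hardened rule (constructed for this example): a plaintext response may
            # neither create a Secure cookie nor add or replace a cookie whose name
            # already exists as a Secure cookie for the same domain, on any path.
            shadows_secure = any(o.secure and o.name == c.name and o.domain == c.domain
                                 for o in self.cookies.values())
            if c.secure or shadows_secure:
                return False
        self.cookies[(c.name, c.domain, c.path)] = c  # same key -> silent overwrite
        return True

    def cookie_header(self, url):
        """Build the Cookie request header a browser would attach to url."""
        u = urlsplit(url)
        host, path = u.hostname, u.path or "/"
        sent = [c for c in self.cookies.values()
                if (host == c.domain or host.endswith("." + c.domain))
                and path.startswith(c.path)
                and (not c.secure or u.scheme == "https")]
        # RFC 6265 ordering: longer paths first, so a /account cookie precedes a / cookie
        sent.sort(key=lambda c: (-len(c.path), c.name))
        return "; ".join(f"{c.name}={c.value}" for c in sent)


def demo():
    """Run the shadowing scenario in both modes; returns {mode: (accepted, header)}."""
    results = {}
    for mode in ("lax", "strict"):
        jar = CookieJar(strict=(mode == "strict"))
        # 1. the site sets its session cookie over HTTPS (constructed values)
        jar.set_cookie("https://bank.example/login", "session=victim; Secure; Path=/")
        # 2. a plaintext HTTP response for the same host sets a same-name cookie
        #    on a more specific path
        accepted = jar.set_cookie("http://bank.example/", "session=attacker; Path=/account")
        # 3. what the browser attaches to the later HTTPS request to /account
        results[mode] = (accepted, jar.cookie_header("https://bank.example/account"))
    return results


if __name__ == "__main__":
    for mode, (accepted, header) in demo().items():
        print(f"{mode}: accepted={accepted} Cookie: {header}")
```

In lax mode the HTTPS request to `/account` carries `session=attacker; session=victim`, and a server that reads the first value sees the injected one; had the injected cookie used `Path=/` instead, it would have shared the stored key and simply replaced the Secure cookie. In strict mode the HTTP response is rejected and the request carries only `session=victim`. Neither mode helps a site that never sets HSTS, since the plaintext session the injection rides on is exactly what HSTS removes.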


Posted in Uncategorized | Cookies Lack Integrity: Real world (Usenix Sec2015)



First, a clarification: a domain such as ".XXX" is not any country's ccTLD; ccTLDs are all two letters (and their management policy is set by that country). Although XXX has three letters, it is not an ordinary gTLD either (such as .com or .net, whose management policies are set by ICANN); it is an sTLD (Sponsored TLD), whose management policy is set by the company or community that sponsors it.

Posted in History and People, Technology and Culture, Network Security | The case of the .xxx domain being vetoed by the US in ICANN discussions


The People's Daily of June 24, 2014 stated: "At present the United States controls 10 of the 13 root name servers of the global Internet. In theory, simply blocking a country's domain at the root servers would make every website under that country's top-level domain 'disappear' from the network in an instant. In this sense, the United States holds a power over the network that is unique in the world, and the ability to threaten other countries' network borders and network sovereignty. For example, during the Iraq War, at the behest of the US government, registration and resolution of the Iraqi top-level domain '.iq' were terminated, and every website with the '.iq' suffix evaporated from the Internet." [1] Similar claims also appear in some serious academic articles [8].



Posted in History and People, Technology and Culture, Essays, Research Papers, Network Security | The story behind the deletion of Iraq's IQ domain by the US, and early root-zone management

When HTTPS Meets CDN: A Case of Authentication in Delegated Service

Content delivery networks (CDNs) and HTTPS are both widely used web technologies on today's Internet, but so far they have been studied independently; this paper studies the two together systematically. We surveyed 20 leading CDN providers worldwide and 10,721 popular websites that use HTTPS, and uncovered many problems in how HTTPS is deployed over CDNs, such as invalid certificates, shared private keys, revoked certificates that are still accepted, and insecure communication between the CDN and the back-end origin. Some of these are merely operational problems, but others stem from a conflict, in this multi-party delegated service, between the end-to-end nature of HTTPS and the man-in-the-middle nature of a CDN.

To solve this delegation problem for HTTPS in CDN services, we propose and implement a lightweight solution based on DANE (DNS-based Authentication of Named Entities), an IETF standard designed to strengthen the PKI trust model for websites. Our implementation shows that secure and efficient HTTPS communication in a CDN environment is feasible; we also hope to encourage further research in the CDN and security communities toward even more effective solutions.

Our research has received wide attention from industry: Akamai, CloudFlare, Amazon, Incapsula and other companies have actively contacted us, and CloudFlare launched its more secure Strict SSL service shortly after receiving our paper.

The paper was published at the top-tier conference IEEE Symposium on Security and Privacy 2014.

Posted in Research Papers, Network Security | When HTTPS Meets CDN: A Case of Authentication in Delegated Service