Access Control Vulnerabilities in Network Protocol Implementations: How Attackers Exploit Them and What To Do About It
Daniel Ricardo dos Santos
Proceedings of the 28th ACM Symposium on Access Control Models and Technologies, published 2023-05-24
DOI: 10.1145/3589608.3593817
Authentication and access control mechanisms should verify the identity of users of a system and ensure that these users only act within their intended permissions. These mechanisms, alongside audit or intrusion detection, have been called the "foundation for information and system security" [8]. There has been a large amount of research proposing authentication and authorization mechanisms for network protocols and devices used in Operational Technology (OT) and the Internet of Things (IoT) [7]. Although these devices run our critical infrastructure, most of them still rely on simple password-based mechanisms to prevent unauthorized operations [1]. More worryingly, even these simple mechanisms often have flawed implementations, allowing malicious actors to bypass them [6].

In this talk, I will discuss several findings from our research into vulnerabilities in network protocol implementations of IoT, OT and IT systems, giving special attention to those stemming from flawed authentication and access control implementations. Examples include buffer overflows when processing user credentials, use of weak cryptography, credentials transmitted in plaintext, hardcoded credentials, authentication bypasses via MAC or IP spoofing, client-side authentication, missing critical steps in authentication, insufficient session expiration, and message parsing before establishing a peer's identity. These issues were identified in implementations as diverse as embedded TCP/IP stacks [2,3], routing suites, and engineering protocols for OT devices from major vendors [9]. This type of vulnerability enables attackers to take devices offline, manipulate their operational parameters, and in many cases execute arbitrary code.

I will also present statistics from a set of OT- and IoT-specific honeypots about attacks exploiting authentication bypasses, brute-forcing passwords and leaking credentials. These statistics show that the most common initial access technique for these systems consists of the exploitation of remote management protocols by guessing or leaking either generic or application-specific credentials [4]. Finally, I will discuss the importance of collaborative threat intelligence and modern network access control as methods to prevent, detect and respond to such attacks [5].
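Two of the flaw classes listed in the abstract, buffer overflows when processing user credentials and message parsing before the peer's identity is established, as an added example in C that is not code from the talk or from any vendor's product. The toy device-management protocol (a [type][len][payload] frame carrying LOGIN and SET_PARAM messages), the session structure, the credential values and the MAX_FAILED lockout threshold are all assumptions constructed for illustration. handle_msg_vuln shows the flawed ordering and the unbounded copy, handle_msg_safe the hardened form, and the try_* helpers run both against constructed frames; the lockout counter is there because the honeypot finding above is that credential guessing over remote management protocols is the most common way in.

```c
/* Added example, not code from the talk or from any vendor's product: a toy
 * device-management protocol handler written two ways. The wire format, message
 * types, credential values and field names are assumptions constructed here. */
#include <stdint.h>
#include <string.h>

#define MSG_LOGIN     0x01   /* payload: "user:password" */
#define MSG_SET_PARAM 0x02   /* payload: "key=value" applied to the device */
#define USER_MAX      16
#define MAX_FAILED    5      /* lockout threshold against password guessing (assumed) */

enum { OK = 0, ERR_UNAUTH = -1, ERR_BADCRED = -2, ERR_MALFORMED = -3, ERR_LOCKED = -4 };

typedef struct { int authenticated; char user[USER_MAX]; char last_param[64]; int failed_logins; } session_t;

/* Constructed stand-in for a credential store. Hardcoded passwords are themselves one
 * of the flaw classes in the abstract; a real device would verify against a salted hash. */
static const char *EXPECTED_USER = "engineer";
static const char *EXPECTED_PASS = "s3cret";

static int cred_ok(const char *u, size_t ul, const char *pw, size_t pl)
{
    return ul == strlen(EXPECTED_USER) && memcmp(u, EXPECTED_USER, ul) == 0 &&
           pl == strlen(EXPECTED_PASS) && memcmp(pw, EXPECTED_PASS, pl) == 0;
}

/* Frame: [type][len][payload]. Returns 0 when the frame is well-formed. */
static int parse_header(const uint8_t *m, size_t n, uint8_t *type, const char **p, size_t *len)
{
    if (n < 2 || n < 2u + m[1]) return -1;
    *type = m[0]; *len = m[1]; *p = (const char *)m + 2;
    return 0;
}

static void apply_param(session_t *s, const char *p, size_t len)
{
    size_t c = len < sizeof s->last_param - 1 ? len : sizeof s->last_param - 1;
    memcpy(s->last_param, p, c); s->last_param[c] = '\0';
}

/* Vulnerable: parses and acts on the body before the peer's identity is known. */
int handle_msg_vuln(session_t *s, const uint8_t *m, size_t n)
{
    uint8_t type; const char *p; size_t len;
    if (parse_header(m, n, &type, &p, &len)) return ERR_MALFORMED;
    if (type == MSG_LOGIN) {
        const char *colon = memchr(p, ':', len);
        if (!colon) return ERR_MALFORMED;
        size_t ulen = (size_t)(colon - p);
        /* Flaw 1: ulen comes from the wire and is never bounded by USER_MAX, so a
         * long username overruns s->user (credential-parsing buffer overflow). */
        memcpy(s->user, p, ulen); s->user[ulen] = '\0';
        if (!cred_ok(s->user, ulen, colon + 1, len - ulen - 1)) return ERR_BADCRED;
        s->authenticated = 1;             /* no failure counter: unlimited guessing */
        return OK;
    }
    if (type == MSG_SET_PARAM) {
        /* Flaw 2: s->authenticated is never consulted, so any peer can change state. */
        apply_param(s, p, len);
        return OK;
    }
    return ERR_MALFORMED;
}

/* Hardened: identity first, bounded copies, failed-login counting. */
int handle_msg_safe(session_t *s, const uint8_t *m, size_t n)
{
    uint8_t type; const char *p; size_t len;
    if (parse_header(m, n, &type, &p, &len)) return ERR_MALFORMED;
    if (type != MSG_LOGIN && !s->authenticated) return ERR_UNAUTH;  /* body not even parsed */
    if (type == MSG_LOGIN) {
        if (s->failed_logins >= MAX_FAILED) return ERR_LOCKED;
        const char *colon = memchr(p, ':', len);
        if (!colon) return ERR_MALFORMED;
        size_t ulen = (size_t)(colon - p);
        if (ulen == 0 || ulen >= USER_MAX) return ERR_MALFORMED;    /* bounded before any copy */
        if (!cred_ok(p, ulen, colon + 1, len - ulen - 1)) { s->failed_logins++; return ERR_BADCRED; }
        memcpy(s->user, p, ulen); s->user[ulen] = '\0';
        s->authenticated = 1;
        return OK;
    }
    if (type == MSG_SET_PARAM) { apply_param(s, p, len); return OK; }
    return ERR_MALFORMED;
}

typedef int (*handler_fn)(session_t *, const uint8_t *, size_t);

/* Constructed frames used by the scenarios below. */
static const uint8_t LOGIN_OK[]  = { MSG_LOGIN, 15, 'e','n','g','i','n','e','e','r',':','s','3','c','r','e','t' };
static const uint8_t LOGIN_BAD[] = { MSG_LOGIN, 14, 'e','n','g','i','n','e','e','r',':','w','r','o','n','g' };
static const uint8_t SET_PARAM[] = { MSG_SET_PARAM, 11, 's','e','t','p','o','i','n','t','=','9','9' };

/* SET_PARAM on a fresh, unauthenticated session. */
int try_set_param_unauthenticated(handler_fn h)
{
    session_t s = {0};
    return h(&s, SET_PARAM, sizeof SET_PARAM);
}

/* Correct login, then SET_PARAM. */
int try_login_then_set(handler_fn h)
{
    session_t s = {0};
    if (h(&s, LOGIN_OK, sizeof LOGIN_OK) != OK) return ERR_BADCRED;
    return h(&s, SET_PARAM, sizeof SET_PARAM);
}

/* LOGIN with a 40-byte username, which handle_msg_vuln would copy past s->user. */
int try_oversized_login_safe(void)
{
    session_t s = {0};
    uint8_t m[49] = { MSG_LOGIN, 47 };
    memset(m + 2, 'A', 40); m[42] = ':'; memcpy(m + 43, "s3cret", 6);
    return handle_msg_safe(&s, m, sizeof m);
}

/* MAX_FAILED wrong passwords, then the right one: the session stays locked. */
int try_guessing_then_correct_safe(void)
{
    session_t s = {0};
    for (int i = 0; i < MAX_FAILED; i++) handle_msg_safe(&s, LOGIN_BAD, sizeof LOGIN_BAD);
    return handle_msg_safe(&s, LOGIN_OK, sizeof LOGIN_OK);
}
```

The ordering in handle_msg_safe is the point: on an unauthenticated session the only bytes the device ever interprets are a LOGIN payload, so the pre-authentication attack surface shrinks to one parser, and that parser bounds every length taken from the wire before it copies anything. In handle_msg_vuln every message type is reachable pre-authentication, which is exactly the situation in which a parsing bug in an embedded stack turns into remote code execution on a device nobody has logged into. The credential check is a deliberately minimal stand-in; the choice of comparison and storage is its own topic.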