Green-Aware Security
Download
Report
Transcript Green-Aware Security
HANDBOOK ON GREEN INFORMATION AND
COMMUNICATION SYSTEMS
Chapter 23:
Analysis and Development of GreenAware Security Mechanisms for Modern
Internet Applications
1Luca
Caviglione and
2,3Alessio
1ISSIA-CNR,
Merlo
Italy
2E-campus University, Novedrate, Italy
3DIST- University of Genoa, Italy
1
Energy consumption of SN and devices
Social Networks (SNs) are one of the big phenomenon of
Web 2.0, making Internet becoming always more an
Internet of People.
Users can ubiquitously access SN from different devices (laptop,
handheld devices, top box devices, …)
Access to SN is made through non standardized solutions.
Web 2.0 and SN also contribute in the increased
energy consumption of Internet that it is now
responsible for a relevant portion of CO2
emission.
2
Security issues in SN
Security in SN is a complex and cross-layer issue (from
network layer to application layer), due to:
the huge amount of personal data to protect;
the ubiquity of SNs.
Security in SNs is currently obtained by combining
heterogeneous (and often overlapping) specific security
solutions.
SN security is also not standardized and hard to evaluate;
security solutions waste resources due to their overlapping.
Security in SNs is nowadays also an energy
consumption issue.
3
Green Security and SNs
Thus, SNs combine an Energy-consumption problem
and a Security problem
By intersecting these two issues together with
architectural problems related to Web 2.0, a new
kind of “space” arise.
Green-Aware Security is a new research field
aimed at tackling this intersection.
4
Five Main Contributions
Introducing security issues of Web 2.0 (in the sense of
SN) at network layer;
Pointing out vulnerabilities and security flaws at
application layer of SNs applications;
Showing by example how focused attacks can exploit
vulnerabilities in SNs;
Formalizing the concept of energy-awareness for security
mechanisms;
Providing an early model of energy-consumption in terms
of security.
5
Mobile and social
The spread of SNs is spurred by a full mobility support,
allowing the user to access SNs through mobile devices,
desktop PC, set top boxes and so on;
In addition, access from mobile is constrained by battery
duration, which constitutes a new attack surface.
Moreover, access to SN is granted by heterogeneous and
often incompatible clients, thus resulting in a very
balkanized scenario.
Assessing security and possible threats is harder than in
other Web apps.
6
SNs in a nutshell
SNs are very popular since:
1. they allow to share user-generated contents in a
quick and simple way, also by providing the needed
hosting and authoring tools;
2. they offer different features to support user-touser communications (i.e. Instant Messaging);
3. they enable the creation of new software services
through a set of APIs.
7
SNs in a nutshell /2
4. current SNs are “open” (i.e., a user in a SN can
interact with similar platforms operated by
different providers);
5. they are highly interactive and they support realtime features;
6. as a consequence of a solid mobility support, many
SNs offer also localization services, making them
suitable to be used jointly with geo-tagged
information.
8
Main Security Hazards of SNs
Previous features increase also new security hazards:
1. simple distribution of personal information leading
to possible attacks à-la social engineering;
2. due to complex or incoherent privacy and security
settings, users can reveal their topographical
location, thus reflecting in breaches into physical
security as well;
9
Security Hazards in SNs /2
3. the joint utilization of different/specialized
services can bring to a new type of attacks based
upon multiple profile fusion. Also, such amount of
information can ease the automatic and massive
user profiling, thus reducing privacy;
4. accessing SNs from mobile devices, mostly
performed via the IEEE 802.11, accounts for
additional risks in terms of attacks due to the
joint utilization of weak security standards and
unencrypted application layer protocols
10
Security Hazards in SNs /3
5. since mobile devices are often battery operated, a
new class of battery-draining attacks arise;
5. the integration of third-party Web application can
lead to many possible hazards, and creates new
security breaches;
6. to provide the proper degree of interactivity and
sophisticated user-interfaces, specific design
patterns are adopted. But, they increase the risk
of attacks such as request forgeries;
11
Security Hazards in SNs /4
8. the availability of SN applications from a variety
of appliances (e.g., mobile gaming consoles) may
foster new kind of attacks based upon stack
misbehaviors, or protocol fingerprinting. For
instance, many devices do not have a full-featured
TCP/IP stack and could exhibit erratic or
exploitable behaviors.
Thus, security issues on SNs are cross-layers
(application, network, devices) and strongly relies on
the heterogeneity of actors and media they are
related with.
12
Application Layer Security Issues
SNs are essentially Web Applications. Thus they
suffer from weakness related to client/server
paradigm and native Web technologies (i.e. HTTP,
SQL, AJAX, JavaScript, PHP, JSP, ASP, …).
According to OWASP, the most dangerous
vulnerabilities for Web Apps are: Injection, XSS,
Broken Authentication, Insecure Object
Reference, XSRF, Security Misconfiguration,
Insecure Cryptographic Storage, Failure to
restrict URL access, Insufficient Transport Layer
protection and Unvalidated Redirect and Forward.
13
Network Layer Security Issues
At the network layer, SNs may suffer from different
vulnerabilities which take to gather information:
i) by exploiting the use of HTTP over IEEE 802.11
channels;
ii) by retrieving information from HTML pages and
in-line objects;
iii) since SNs have a typical traffic pattern, it is
possible to gather information also from ciphered
traffic;
iv) Devices used to connect to SNs may not have a
complete TCP/IP stack, reducing security.
14
Exploiting SN’s flaws
We investigated how a subset of OWASP
vulnerabilities may be exploited on a SN.
To this aim, we built a toy model of a simple SN
(denoted as AllTogether) to investigate the impact
of:
Injection
XSS
Broken Authentication
XSRF
15
The AllTogether toy Scenario
AllTogether is a sample model where each logged
user can:
navigate his profile;
update his profile;
adding/removing friends;
chat with friends;
exchange messages with all users;
specify visibility policies for portions of his/her profile
with a single friend granularity.
16
Exploiting Injection in AllTogether
SQL Injection can be used to force the adding of a
malicious user as a friend of a victim one;
This is possible if no check are made on the friend
name which may contain another SQL statement;
Correct query:
INSERT INTO Friends VALUES (“John Doe”, “Jane Doe”);
Injected query:
INSERT INTO Friends VALUES (“John Doe”, “Jane Doe”); INSERT
INTO Friends VALUES (“John Doe”, “Eve )”;
17
Exploiting XSS in AllTogether
Users update profile using HTML forms. A
malicious user can embed JS code in an HTML of
his profile as follows:
+39010353XXX <script language="javascript"
type="text/javascript">alert(document.cookie);</script>
A user accessing that field will execute
automatically the JS code through his browser, if
proper control on HTML fields are not executed on
the SN side.
18
Exploiting Broken Auth in AllTogether
SNs use password retrieval services which are
generally based on a shared secret (e.g. the
surname of the user’s mother);
A user is challenged to answer correctly to the
secret question in order to change his credentials;
Many of these information are available on posts
and profile;
Malicious user can discover such information by
crawling the SN graph;
19
Exploiting XRSF in AllTogether
The XSRF attack can force a user to perform an
unwanted action, inadvertently;
SN APIs are public and method for friend addition
may be well known by any user;
A malicious user can force a victim to visit an URL
(e.g. through a message) that, once executed by
the victim, invokes the APIs method for adding a
friendship relation;
In order to successfully exploit XSRF, the victim
user must be logged to the SN.
20
Heterogeneous Security and Energy
Consumption
Attacks to an OSN (as those explained for the
AllTogether toy example scenario) are hardly
managed by a single security mechanism, thus
security in OSN is generally granted by a set o
different solutions.
Besides, successful attacks have impacts also on
energy consumption as well as on data privacy,
integrity and confidentiality.
Thus, both these different aspects should be
considered taking to a new approach to security.
21
Towards Green Security
Security mechanisms account for energy
consumption at different levels, putting an
overhead within the computing infrastructure;
Optimal and non-overlapping security solutions
sufficient for countering network and application
security issues is required but not sufficient in the
near future;
Energy-consumption perspective must be taken also
into account.
22
Green Security and Green Newtorking
The complexity of SNs consequently increases the
resources required to the network, since users
connects from different devices, often at the same
time;
Thus, also security requirements increases due to
the complexity of clients for accessing the SN;
In general, this reflects into an amount of power
consumption, due both to service complexity and
security;
23
Towards a new problem space
A new kind of green-aware security issues arise:
security mechanisms may require proper
architectural elements to be placed in the network;
in order to secure communications additional
signaling could be needed;
such protocols and mechanisms can reflect in
additional software layers increasing consumption
through additional CPU usage;
users access the Internet both via wireless and
wired access networks. Thus, security mechanisms
could be deployed at different layers.
24
A Green Perspective in Securing SNs
SNs are protected by means of a combination
overlapping security mechanisms, designed without
taking into account energy costs.
Such security mechanisms (e.g. IDS, Antivirus)
currently significantly lowers the battery of mobile
devices.
Modeling and assessing the energy consumption of
current mechanisms and designing new green-aware
solutions is our proposal.
25
Green Security: an Early Model
26
Green Security: an early model /2
27
Green Security: an early model /3
28
Conclusions
In this Chapter, we:
Analyzed security issues related to SNs;
Pointed out interrelations between Green Computing,
Security and SNs;
Argued that current approaches to securing SNs are
not optimized in terms of energy consumption;
Proposed a new research trend aimed at greening the
development of future security solutions.
Future developments:
sperimental measurements of actual energy
consumption of security mechanisms;
Modeling and designing green-aware security
solutions.
29