Security problems in the TCP/IP protocol suite

The TCP/IP protocol suite, which is very widely used today, was developed under the sponsorship of the Department of Defense. Despite that, there are a number of serious security flaws inherent in the protocols, regardless of the correctness of any implementations. We describe a variety of attacks based on these flaws, including sequence number spoofing, routing attacks, source address spoofing, and authentication attacks. We also present defenses against these attacks, and conclude with a discussion of broad-spectrum defenses such as encryption.
