
The Godfather - P2P Botnets: Security & Communication

The Godfather is a DHT-oriented botnet design that uses strong cryptography.


  1. Peer-to-Peer Botnets: Security & Communication. 65963 – David Dias, 68208 – Artur Balanuta, 68210 – Dário Nascimento. Networks and Systems Security.
  2. Overview. Basic concepts: bot/zombie, botnet, bot master. A botnet can be used for: DDoS, spam, phishing emails, click-fraud, stealing personal data.
  3. Facts and figures: "1 trillion monthly spam messages by the end of March 2012". Source: McAfee Threats Report, First Quarter 2012.
  4. Facts and figures: more than 5 million infections during Q1 2012. Cutwail botnet: 2 million new infections. Grum botnet: 18% of spam (18 billion/day) sent out across the world. Colombia, Japan, Poland, Spain and the USA had the largest botnet increase; Indonesia, Portugal and South Korea continued to decline.
  5. Communication & Organization, agenda: 1. Propagation; 2. Organization: i. centralized C2, ii. unstructured, iii. P2P overlay network.
  6. Propagation: phishing scams (e.g. spam), social engineering (e.g. Facebook), DNS poisoning, infected mobile storage (e.g. USB flash drives), app infection (e.g. Android/iOS), polluted files (e.g. infected torrents), etc.
  7. Centralized command and control: single point of control; direct control of zombies; easy to detect using traffic analysis.
  8. Unstructured control: unknown botnet size; bots disseminate commands between themselves; huge latency, hence poor performance; low efficiency (broadcast messages); parts of the network may be unreachable without the botmaster knowing.
  9. P2P overlay network: bots join a P2P network; they communicate through a DHT; the botmaster can act as a normal bot; the botmaster can enter and exit from several points.
  10. Our solution?
  11. The Godfather: P2P DHT (Pastry); secure communication; safe peer entry; renting model; avoid crawlers and Sybil attacks.
  12. The Godfather, agenda: 1. Peer entry; 2. Secure dissemination of botmaster commands; 3. Peer-to-peer trust system; 4. Proof-of-work; 5. Monetization model. Peer entry (diagram): botmaster, relay, DHT, peer; bootstrap list: 193.166.136.25:8080, 105.157.88.127:8081, …
  13. Peer entry: unstructured network (diagram).
  14. Peer entry (diagram, continued).
  15. Peer entry (diagram, continued).
  16. Secure dissemination of orders (diagram).
  17. Secure dissemination of orders (diagram, continued).
  18. Secure dissemination of orders (diagram, continued).
  19. Peer-to-peer traffic obfuscation (diagram).
  20. Peer-to-peer trust. Accomplice list of <NodeID, Kpub, Credits, LastMsgReceived>: limited size; sorted by credits, so old peers have priority; this makes older bots difficult to crawl.
  21. Peer-to-peer trust, sending commands: preference to avoid key exchanges; commands signed by master or client; random send. Credits (diagram): New → Earn Credits / Lose Credits; >3 invalid → Expelled from List. This doesn't avoid Sybil attacks.
  22. Proof-of-work (diagram).
  23. Mafia proof-of-work: Sam wants to add Tom to his accomplice list, so they must show that they work for the Mafia (diagram: Sam, Tom, node ID, public key). The last 128 bits of the puzzle solution are the cipher secret. Options: brute-force the 128 bits (we would need to check by sending a message to Sam again), or solve the 16-bit puzzle.
  24. Proof-of-work (diagram, continued).
  25. Proof-of-work measurements:
        Bits   Attempts            % of key space   Avg total time
        8      122                 47.65            22 ms
        16     29 486              44.99            1 sec
        24     8 327 669           49.63            6 min
        32     2 147 million       49.98            25 hours
        64     9.22337 × 10^18     50               12 306 411 years
      Average key difficulty is half of the key space; 23.75 attempts per millisecond (Java is slow).
  26. Prices on the darknet: Citadel (Zeus variant, financial botnet): US$2,399; $125 to "rent" the botnet builder and administration panel; $395 for automatic updates for antivirus evasion. Darkness (DDoS): from $450 to $1,000.
  27. Monetization model: the botmaster generates a private/public key pair plus a signed certificate; the attacker signs the command with his private key; the signed command plus signature is sent; each bot checks the certificate signature, attacks and forwards the message.
  28. Solution architecture: peer-to-peer DHT with signed commands; certificate generator; ciphered message transfer; Twitter bootstrapper; cryptopuzzle generator and solver; reputation accomplice list.
  29. Demo (section slide).
  30. Demo time!
  31. Conclusions (section slide).
  32. Conclusions: keeping traffic low while guaranteeing secure connections is hard in botnets; attacks such as DoS are easy to perform; botnet detection systems have evolved, so trust mechanisms are required; everything will be released with research purposes in mind.
  33. Thank you! Q&A
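Slides 23 and 25 describe a hash puzzle used as an admission cost and report its measured solve times. The following is an added example, not code from the Godfather project: it implements the standard client-puzzle pattern (prover finds a nonce whose SHA-256 over challenge||nonce has a given number of leading zero bits, verifier checks with one hash) and reproduces the slide's cost arithmetic. The only figure taken from the slides is the rate of 23.75 attempts per millisecond; the puzzle format, the function names and the sample challenge are assumptions made here. The same arithmetic is what a defender needs when using puzzles legitimately, e.g. to rate-limit joins to a peer-to-peer service against Sybil floods: `bits_for_budget` picks the largest difficulty whose expected cost fits a chosen time budget, and the table shows why the 128-bit option on slide 23 is out of reach while 16 bits costs about a second. The "% of key space" column on slide 25 is the attempts of a single run divided by 2^bits, which is why it scatters around the 50% mean.

```python
import hashlib
import itertools

# Added illustration of the hash puzzle sketched on slides 23-25, not Godfather code.
# Assumed puzzle format: SHA-256(challenge || 8-byte big-endian nonce) must start
# with `bits` zero bits. The 23.75 attempts/ms figure is the one reported on slide 25.

SLIDE_RATE_PER_MS = 23.75          # attempts per millisecond measured on slide 25 (Java)
SECONDS_PER_YEAR = 365.25 * 86400


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a byte string (0 for an empty string)."""
    zeros = 0
    for byte in digest:
        if byte == 0:
            zeros += 8
            continue
        zeros += 8 - byte.bit_length()
        break
    return zeros


def verify(challenge: bytes, nonce: int, bits: int) -> bool:
    """Verifier side: a single SHA-256, whatever the difficulty."""
    digest = hashlib.sha256(challenge + nonce.to_bytes(8, "big")).digest()
    return leading_zero_bits(digest) >= bits


def solve(challenge: bytes, bits: int):
    """Prover side: try nonces 0, 1, 2, ... until one verifies.
    Returns (nonce, attempts); attempts is the number of hashes computed."""
    for nonce in itertools.count():
        if verify(challenge, nonce, bits):
            return nonce, nonce + 1


def expected_attempts(bits: int) -> int:
    """Mean trials to hit a target of probability 2**-bits: half the space, 2**(bits-1)."""
    return 2 ** (bits - 1)


def expected_seconds(bits: int, rate_per_ms: float = SLIDE_RATE_PER_MS) -> float:
    """Mean wall-clock cost for a prover hashing at `rate_per_ms` attempts per millisecond."""
    return expected_attempts(bits) / (rate_per_ms * 1000.0)


def bits_for_budget(max_seconds: float, rate_per_ms: float = SLIDE_RATE_PER_MS) -> int:
    """Largest difficulty whose expected solve time stays within `max_seconds`.
    A verifier uses this to make joining cost a chosen amount of prover work."""
    bits = 1
    while expected_seconds(bits + 1, rate_per_ms) <= max_seconds:
        bits += 1
    return bits


def cost_table(bit_sizes=(8, 16, 24, 32, 64), rate_per_ms=SLIDE_RATE_PER_MS):
    """Rows of (bits, expected attempts, expected seconds) for the slide's puzzle sizes."""
    return [(b, expected_attempts(b), expected_seconds(b, rate_per_ms)) for b in bit_sizes]


if __name__ == "__main__":
    for bits, attempts, secs in cost_table():
        years = secs / SECONDS_PER_YEAR
        print(f"{bits:3d} bits  {attempts:>22,d} attempts  {secs:>16,.1f} s  ({years:,.0f} years)")
    challenge = b"constructed-challenge-for-demo"   # constructed sample input, not from the slides
    nonce, attempts = solve(challenge, 16)
    print(f"16-bit puzzle: nonce {nonce} after {attempts} attempts, "
          f"verify -> {verify(challenge, nonce, 16)}")
    print(f"difficulty that fits a 1 s budget at the slide's rate: {bits_for_budget(1.0)} bits")
```

Verification is constant cost while solving grows as 2^(bits-1), which is the asymmetry that makes puzzles useful as an admission control; the table also shows the flip side, that any difficulty cheap enough for a legitimate peer is cheap for a well-resourced attacker, so a puzzle alone does not stop Sybil nodes.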
