Stealth Probing: Efficient Data-Plane Security for IP Routing
Ioannis Avramopoulos, Princeton University
Joint work with Jennifer Rexford

Hosts vis-à-vis Routers (Attacks against Availability)

Routing Fabric (Routing Protocols)

Routing Fabric (Data Forwarding)

Attacks against the Routing Fabric (Breaking Perimeter Defense)
[Figure, three slides: five autonomous systems, AS 0 through AS 4 (AS: Autonomous System)]
Perimeters can be broken because of:
  – Disgruntled network operators
  – Password guessing
  – Exploits of the OS

Attacks against the Routing Fabric (Routing Protocol Attacks and Defenses)
- These attacks game the routing state by falsifying routing protocol messages
- Falsifications come in two flavors:
  – Modification of en-route protocol messages
  – Collusion (or wormhole) attacks
- Secure routing protocols protect against the modification of protocol messages
  – They do not protect against wormholes
  – They do not verify forwarding behavior

Limitation of Secure Routing Protocols (Data-Plane Adversary)
[Figure: data traffic (label "DATA") crossing the routing fabric]

Attacks against the Routing Fabric (Data-Plane Attacks)
- Link layer disruption
  – Physical layer attacks
  – Medium access control layer attacks
- Network layer disruption
  – Packet loss
  – Packet modification
  – Packet delay
  – Packet deflection
- Transport layer disruption
  – Attacks against the congestion control mechanism

Securing the Routing Fabric (Defending against Data-Plane Attacks)
- Availability monitoring
  – Easy for the traffic source
  – Difficult from within the network
- Fault localization
  – Beaconing and traceroute egregiously fail in adversarial networks
  – In adversarial networks, fault localization is difficult but necessary

Overview
- Introduction
- Stealth Probing
- Intradomain Deployment -- Byzantine Tomography
- Interdomain Deployment -- Secure Route Control
- Related Work
- Conclusion

Availability Monitoring (Problem Formulation)

Naïve Solutions
- Probing (e.g., ping)
- Cumulative network-layer ACKs
- Transport-layer ACKs
[Figure: ingress and egress routers at the two ends of the monitored path]

Stealth Probing (Approach)
Prevent the adversary from preferentially treating probing traffic by making data and probing traffic indistinguishable.
Three steps:
1. Create an encrypted tunnel and divert both data and probing traffic into the tunnel
2. Match the size of probing traffic with that of the data traffic
3. Obscure the timing of probes

Stealth Probing (Approach, continued)
[Figure, two slides: the tunnel between the ingress router and the egress router]
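The three steps above, as an added worked model (this is not the authors' code or a real router implementation): a toy authenticated-encryption tunnel built from HMAC-SHA256 in counter mode stands in for the real tunnel cipher, the ingress router pads each probe to a size drawn from the data packets it has already sent and inserts probes at random positions, the egress router answers probes, and an on-path adversary that sees only outer packets tries either uniform dropping or "drop every packet of the size I think probes have". The tunnel key, traffic mix (64/576/1400-byte payloads) and topology are constructed; the reply direction is assumed unattacked, so the estimate covers forward-path loss only.

```python
"""Toy model of the three stealth-probing steps (added example, not the authors' code).
Data and probes share one authenticated-encryption tunnel, each probe is padded to the
size of a data packet already seen, and probes go out at random positions, so an on-path
adversary that sees only the outer packets cannot single probes out.  The cipher below
(HMAC-SHA256 in counter mode, encrypt-then-MAC) stands in for a real tunnel cipher such
as IPsec ESP; the key and the traffic are constructed."""
import hashlib
import hmac
import random
import struct

TAG_LEN, NONCE_LEN = 16, 8
HDR = struct.Struct("!BI")            # inner header: packet type (1 byte) + sequence number
T_DATA, T_PROBE, T_REPLY = 0, 1, 2
FWD, BACK = 0, 1                      # direction byte mixed into the nonce

def tunnel_key():
    return hashlib.sha256(b"constructed tunnel key").digest()   # constructed, not a real key

def _keystream(key, nonce, n):
    out, ctr = bytearray(), 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack("!I", ctr), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:n])

def seal(key, direction, ptype, seq, payload):
    """Encrypt-then-MAC.  Type and sequence number sit inside the ciphertext, so the
    outer packet reveals only its length and a nonce."""
    nonce = struct.pack("!BxxxI", direction, seq)
    inner = HDR.pack(ptype, seq) + payload
    ct = bytes(a ^ b for a, b in zip(inner, _keystream(key, nonce, len(inner))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag

def open_packet(key, wire):
    """Return (ptype, seq, payload), or None when the tag fails (modified/forged packet)."""
    if len(wire) < NONCE_LEN + HDR.size + TAG_LEN:
        return None
    nonce, ct, tag = wire[:NONCE_LEN], wire[NONCE_LEN:-TAG_LEN], wire[-TAG_LEN:]
    want = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, want):
        return None
    inner = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
    ptype, seq = HDR.unpack_from(inner)
    return ptype, seq, inner[HDR.size:]

def ingress_send(key, data_payloads, probe_fraction, rng):
    """Ingress router.  Step 1: tunnel every packet.  Step 2: a probe carries random
    filler whose length is drawn from the data sizes seen so far.  Step 3: probes go out
    at random positions.  Returns the wire stream and ground truth the adversary never sees."""
    wire, is_probe, seq, seen_sizes = [], [], 0, []
    for payload in data_payloads:
        seen_sizes.append(len(payload))
        if rng.random() < probe_fraction:
            n = rng.choice(seen_sizes)
            wire.append(seal(key, FWD, T_PROBE, seq, rng.getrandbits(8 * n).to_bytes(n, "big")))
            is_probe.append(True)
            seq += 1
        wire.append(seal(key, FWD, T_DATA, seq, payload))
        is_probe.append(False)
        seq += 1
    return wire, is_probe

def adversary(wire, drop_rate, rng, target_size=None):
    """On-path adversary seeing only outer packets: drops a fraction of everything, or,
    if it guesses that probes have one particular size, drops only packets of that size."""
    if target_size is not None:
        return [p for p in wire if len(p) != target_size]
    return [p for p in wire if rng.random() >= drop_rate]

def egress_receive(key, wire):
    """Egress router: authenticate and decrypt, count delivered data, answer each probe.
    (Reply direction assumed unattacked, so the estimate measures forward-path loss.)"""
    delivered, replies = 0, []
    for pkt in wire:
        opened = open_packet(key, pkt)
        if opened is None:
            continue                                   # tampered packet is discarded
        ptype, seq, _ = opened
        if ptype == T_DATA:
            delivered += 1
        elif ptype == T_PROBE:
            replies.append(seal(key, BACK, T_REPLY, seq, b""))
    return delivered, replies

def ingress_measure(key, probes_sent, replies):
    """Ingress availability estimate: fraction of probes with no authenticated reply."""
    acked = set()
    for r in replies:
        opened = open_packet(key, r)
        if opened and opened[0] == T_REPLY:
            acked.add(opened[1])
    return 1.0 - len(acked) / probes_sent if probes_sent else 0.0

def simulate(n_data=2000, probe_fraction=0.2, drop_rate=0.2, target_size=None, seed=7):
    """End-to-end run on constructed traffic with 64/576/1400-byte payloads."""
    rng, key = random.Random(seed), tunnel_key()
    data = [rng.getrandbits(8 * n).to_bytes(n, "big")
            for n in (rng.choice((64, 576, 1400)) for _ in range(n_data))]
    wire, is_probe = ingress_send(key, data, probe_fraction, rng)
    delivered, replies = egress_receive(key, adversary(wire, drop_rate, rng, target_size))
    probe_sizes = {len(p) for p, f in zip(wire, is_probe) if f}
    data_sizes = {len(p) for p, f in zip(wire, is_probe) if not f}
    return {"true_data_loss": 1.0 - delivered / n_data,
            "probe_loss_estimate": ingress_measure(key, sum(is_probe), replies),
            "probes_look_like_data": probe_sizes <= data_sizes}

if __name__ == "__main__":
    print(simulate())                         # uniform drops: probe estimate tracks data loss
    print(simulate(target_size=29 + 576))     # "drop the 605-byte packets": still tracks it
```

Whatever policy the adversary picks from outer-packet features, the probe loss it inflicts stays close to the data loss, because every probe is an outer packet of a size that data packets also have; an unauthenticated or modified packet is silently dropped by the egress, so packet modification shows up as loss rather than as corrupted measurements. Timing is modelled only by random probe placement; a real deployment would also decouple probe emission from the data packet clock.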

Stealth Probing (Primary Benefits)
- Non-intrusive (low overhead)
- Detects "delay attacks" (by measuring the round-trip times of probing traffic)
- Prevents selective low-rate attacks that target individual IP addresses (by hiding the source and destination IP addresses of data traffic)
- Mitigates attacks that exploit TCP (by making the TCP mechanism "opaque")

Stealth Probing (Secondary Benefits)
- Encryption protects unencrypted host-to-host communications
- Fate-sharing between data traffic and probes is broadly useful in network troubleshooting
- Tunnels are useful in traffic engineering


Byzantine Tomography (Basic Idea)
Fault localization without overburdening the data plane:
  – Terminal nodes monitor path availability
  – Terminal nodes disclose faulty paths to a designated network entity
  – This entity "triangulates" adversarial nodes and links from the collection of faulty paths

Byzantine Tomography (Model)

Byzantine Tomography (Approach)
Solves Minimum Hitting Set: find the smallest set of nodes (or links) that intersects every reported faulty path

Byzantine Tomography (Basic Property)
- Output from Byzantine tomography is not always accurate
- However, accuracy increases as fault knowledge expands
- Therefore, the higher the adversary's impact, the more likely it is that the adversary will be correctly detected
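The hitting-set formulation and the accuracy property above, as an added worked example (not the authors' code): a small constructed topology in which trusted terminal nodes report which monitored paths are faulty, and the designated entity computes every minimum hitting set over the interior routers. More than one minimum hitting set means the evidence cannot yet single out the adversary; as more faulty paths are reported the candidate set shrinks. The topology, path names and the assumption that an adversarial router disrupts every path through it are constructed for illustration, and the exact search is meant for small inputs, with a greedy approximation alongside it.

```python
"""Byzantine tomography as a minimum hitting set (added example, not the authors' code).
Topology, paths and the adversary's position are constructed for illustration."""
from itertools import combinations

# Constructed topology: each path is the node sequence a monitored flow traverses.
# Terminal nodes (s*, d*) run the monitors and are trusted; only interior routers (r*)
# are candidates for blame.
PATHS = {
    "p1": ("s1", "r1", "r2", "d1"),
    "p2": ("s2", "r1", "r3", "d2"),
    "p3": ("s3", "r4", "r2", "d3"),
    "p4": ("s1", "r4", "r3", "d2"),
    "p5": ("s2", "r5", "r2", "d4"),
    "p6": ("s3", "r1", "r5", "d4"),
}

def interior(path):
    """Candidate culprits on a path: everything except the two trusted terminals."""
    return frozenset(path[1:-1])

def report_faulty(paths, adversaries):
    """Terminal nodes report a path as faulty when monitoring on it fails.  Assumption for
    this example: an adversarial router disrupts every path through it."""
    return [name for name, p in paths.items() if interior(p) & adversaries]

def minimum_hitting_sets(faulty, paths):
    """All minimum-cardinality sets of interior nodes that intersect every faulty path
    (exact search, fine for small topologies).  Several answers means the evidence
    reported so far cannot single out the adversary."""
    suspects = [interior(paths[name]) for name in faulty]
    universe = sorted(set().union(*suspects)) if suspects else []
    for k in range(1, len(universe) + 1):
        hits = [frozenset(c) for c in combinations(universe, k)
                if all(set(c) & s for s in suspects)]
        if hits:
            return sorted(hits, key=sorted)
    return []

def greedy_hitting_set(faulty, paths):
    """Greedy approximation for large inputs: repeatedly blame the node that lies on the
    most still-unexplained faulty paths (ties broken alphabetically for determinism)."""
    remaining = [interior(paths[name]) for name in faulty]
    blamed = set()
    while remaining:
        node = max(sorted(set().union(*remaining)),
                   key=lambda n: sum(n in s for s in remaining))
        blamed.add(node)
        remaining = [s for s in remaining if node not in s]
    return frozenset(blamed)

def localize(faulty, paths=PATHS):
    """Return (exact minimum hitting sets, greedy answer) for a list of faulty paths."""
    return minimum_hitting_sets(faulty, paths), greedy_hitting_set(faulty, paths)

if __name__ == "__main__":
    # One faulty path: r1 and r2 are equally suspect.  Two faulty paths: only r2 remains.
    print(localize(["p1"]))
    print(localize(["p1", "p3"]))
    # Two colluding adversaries r1 and r4: without p6, the innocent pair {r2, r3} explains
    # the evidence just as well; once p6 is also reported, {r1, r4} is the unique answer.
    print(localize(["p1", "p2", "p3", "p4"]))
    print(localize(report_faulty(PATHS, {"r1", "r4"})))
```

The second pair of runs is the "not always accurate" case from the slide: with four faulty paths, the innocent pair {r2, r3} is a minimum hitting set just like the real culprits {r1, r4}, and the greedy heuristic commits to one of them; adding the fifth faulty path removes the innocent explanation. The same procedure applies to links if each path is represented by its link set instead of its node set.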


Secure Route Control
[Figure, two slides: stub AS A and stub AS B attached to a Provider]


Related Work
- Perlman proposed encryption to make data and control traffic indistinguishable
  – Perlman proposed encryption at network links
  – We extend this idea to network paths
- Mizrak et al. proposed Fatih as a secure data-plane availability monitor
  – Fatih requires clock synchronization
  – Stealth probing does not rely on clock synchronization
- Several researchers have proposed data-plane mechanisms for secure fault localization
  – Byzantine tomography is a management-plane technique

Conclusion (1)
- Resilience was a top priority in the design of the operational Internet, but the threat model was naïve (vis-à-vis today's attacks)
- In future networks, we should expect to see
  – better perimeter defense and
  – in-depth defense: secure routing protocols and secure data forwarding
- Stealth probing is a secure availability monitor that works by concealing probing traffic

Conclusion (2)
- We presented deployment scenarios of this monitor in
  – Intradomain routing and
  – Interdomain routing
- Our ongoing work focuses on:
  – Intradomain case: improving the accuracy of Byzantine tomography
  – Interdomain case: investigating the benefits of more flexible interdomain path selection schemes

Thank you. Questions?