Secure Routing Panel FIND PI Meeting (June 27, 2007) Morley Mao, Jen Rexford, Xiaowei Yang.


2 Goal of the Panel
Understand and discuss
  – The threats on the routing system
  – Lessons learned from today's routing system
  – Challenges of architecting a secure routing system
  – A few specific architectural proposals

3 Questions
What are the threats?
  – End hosts
  – Compromised routers
  – Greedy providers
What security properties do we need?
  – Just availability?
  – Knowing traffic is reaching the right destination?
  – Knowing end-to-end path? At what granularity?
  – Avoiding certain paths, countries, or companies?
  – Do paths need to be symmetric?
Enable multiple levels of security in parallel?

4 Questions
Where should security functions be placed?
  – End hosts vs. routers
  – Data, control, and management planes
How do we ensure participation?
  – Economic incentives for deployment?
  – Role (if any) for government regulation?
  – Any need for accountability/liability for problems?
  – Enable partial deployment scenarios?

5 Organization
Morley Mao, U. Michigan
  – Threats, and an operator perspective (15 min)
Jen Rexford, Princeton
  – Multi-path routing and secure monitoring (10 min)
Xiaowei Yang, UC Irvine
  – User-controlled routes (15 min)
Discussion, debate, …

Helping Edge Networks to Help Themselves
Jen Rexford
Joint work with Dave Andersen, Ioannis Avramopoulos, and Dan Wendlandt

7 Don't Need Secure Routing Protocols
Secure routing protocols
  – Securing info communicated within the protocol
Secure routing protocols are too much
  – Require large-scale (ubiquitous?) deployment
  – Heavy weight crypto operations
  – Global public key infrastructure
Secure routing protocols are too little
  – Packets might not follow the path
  – Adversary can deflect packets or DoS links
  – Colluding ASes can claim fake links

8 Secure End-to-End Communication
An architectural proposal
  – Multi-path routing exposes possible paths
  – Edge nodes find and securely use working paths
End-to-end security (e.g., SSL & IPsec)
Confidentiality of Data
Integrity of Data
Availability of Communication Channel
Depends on Routing and Forwarding

9 Where do Multiple Paths Come From?
Multi-homing
  – Connecting to multiple neighboring ASes
  – Connecting to a neighbor at multiple places
Deflecting through intermediate nodes
  – Overlay networks of end hosts
  – Deflection services offered by other networks
Multi-path routing protocols
[Diagram labels: A, B, C, D]

10 How Do Edge Nodes Switch Forwarding Paths?
Tagging
  – Mark tag bits in the data packets
  – Routers interpret the bits in forwarding
Encapsulation
  – Specifying intermediate deflection point
  – Routers forward based on deflection address
[Diagram labels: A, B, C, 101]

11 How Do Edge Nodes Decide to Change Paths?
End-to-end integrity check
  – IPsec and SSL
  – Client authentication and server certificates
  – Vote among users from many vantage points
Secure availability monitoring
  – End-host applications judge the performance
  – Edge routers securely sample the performance

12 Conclusion
Secure routing is not the goal
  – The control plane is just one part of the system
  – "Jen, the Internet is not a network for delivering BGP update messages." – Randy Bush
Secure communication should be the goal
  – Integrity, confidentiality, and availability
Leading to a combination of mechanisms
  – End-to-end integrity and confidentiality
  – Multi-path routing and forwarding
  – Secure availability monitoring
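
The combination named in the conclusion (end-to-end integrity, multiple paths, secure availability monitoring), as an added example that is not part of the original slides: two edge nodes share a key, the receiver counts only packets whose MAC verifies, and the sender leaves a path whose verified delivery rate falls below a threshold. The key, the path names (`via_B`, `via_C`, `via_D`), the path behaviours and the 0.9 threshold are all constructed assumptions.

```python
import hashlib
import hmac

TAG_LEN = 16  # truncated HMAC-SHA256 tag, in bytes (assumed parameter)
KEY = b"constructed-demo-key-not-a-real-secret"  # assumed pre-shared edge-to-edge key

def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender edge: 4-byte sequence number + payload, followed by a MAC over both."""
    body = seq.to_bytes(4, "big") + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

def verify(key: bytes, packet: bytes):
    """Receiver edge: return the sequence number if the MAC verifies, else None."""
    if len(packet) < 4 + TAG_LEN:
        return None
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    good = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, good):
        return None
    return int.from_bytes(body[:4], "big")

# Constructed path models: take a packet, return what arrives (None = dropped).
def honest(pkt): return pkt
def blackhole(pkt): return None
def tamper(pkt): return pkt[:4] + bytes([pkt[4] ^ 0xFF]) + pkt[5:]

PATHS = {"via_B": tamper, "via_C": blackhole, "via_D": honest}

def delivery_rate(key, path, n=20):
    """Fraction of n packets that arrive intact with a fresh sequence number."""
    seen = set()
    for seq in range(n):
        arrived = path(seal(key, seq, b"data-%d" % seq))
        got = verify(key, arrived) if arrived is not None else None
        if got is not None:
            seen.add(got)  # duplicates and replays count once
    return len(seen) / n

def choose_path(key, paths, current, threshold=0.9):
    """Stay on the current path while it meets the threshold, else take the best one."""
    rates = {name: delivery_rate(key, fn) for name, fn in paths.items()}
    if rates[current] >= threshold:
        return current, rates
    return max(rates, key=rates.get), rates

if __name__ == "__main__":
    print(choose_path(KEY, PATHS, current="via_B"))
```

A path that modifies packets scores the same as one that drops them, because only MAC-verified arrivals count toward availability.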