Dennis Beard Sandra Murphy Yi Yang March 2003 Threats to Routing Protocols.


Outline
- Scope
- Routing Functions
- Threat Definition
- Threat Source, Action & Consequence
- Generally Identifiable Routing Threat Actions
- Threats against Multicast Routing Protocols

Scope
- All routing protocols
- Intent: advise routing protocol designers about security
  - get them thinking about vulnerabilities
  - set requirements (MUST, SHOULD, MAY)
- Intra- and Inter-domain (IGP and EGP)
- Security of the protocol, not of the operational environment it works in

Routing Functions
- Transport subsystem
  - the subsystem that carries the data between routers
  - can be attacked - impact on routing protocol
  - can carry attack to the routing protocol
- Neighbor state
  - determine peer and establish relationship
  - attacks can break relationship - disrupt routing
  - [typo: draft said BGP and CEASE msg]

Routing Functions (cont)
- Database maintenance
  - sometimes a separate step, sometimes an implicit result of the communication of topology info
  - like wireless keeping interesting routes
  - topology computation from database
- Each function has control and data parts
  - different consequences from each

Threat definition
- “A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.” Robert Shirey, RFC2828: Internet Security Glossary
- The RFC definitions are the basis for the expression of our model

Threat Model - Sources
Intruders or malicious programs launched by the intruder
- Compromised (or subverted??) links
- Compromised (or subverted??) routers
- Masquerading routers (illegitimately assumes identity/role)
- Unauthorized devices
- Should RP designers worry about subverted links?
- Should we distinguish masquerading from unauthorized routers?
* A router may play multiple roles simultaneously

Threat Model - Actions
Attacks and other intentional malicious actions against the routing protocols
Address proper protocol design to mitigate threat
Need to identify external factor that protocol should protect
- Deliberate exposure
- Sniffing/wiretapping
- Traffic analysis
- Spoofing
- Falsification
- Interference
- Overload
* An attacker may launch multiple actions simultaneously

Threat Model - Consequences
Compromises and the damage done by the malicious actions
Zones (impact to router(s), Autonomous System(s), Global)
Period (smaller, equal or greater than threat action duration)
- Disclosure: Unauthorized access to routing info
- Deception: Belief of false routing info
- Disruption: Operation degradation or interruption
- Usurpation: Control/modification of legitimate router services/functions
* An action may cause multiple consequences

Generally Identifiable Threat Actions
- Deliberate Exposure: Intentional release of routing information
- Sniffing: Monitor routing exchange between legitimate routers
- Traffic Analysis: Indirect access to routing info gained by monitoring data traffic
- Spoofing: Assume other’s identity
- Falsification: Declare invalid routing information
- Interference: Impact routing exchanges
- Overload: Place excessive burdens

Deliberate Exposure
- Intentional release of routing information to unauthorized devices
- All attackers
- Disclosure
- Is this a valid threat against routing protocols?

Sniffing/Wiretapping
- Monitor/record routing information
- Compromised/subverted links
- Disclosure

Traffic Analysis
- Analyze data traffic to learn routing information
- Compromised/subverted links
- Disclosure
- Is this a valid threat against routing protocols?

Spoof
- Illegally assumes a legitimate router's identity
- All attackers
- Attackers become masquerading routers after successful spoof
- It is a threat, as well as a means to launch threat
- Consequences: Deception (on peer relationship) and DoS based on the Deception Accounting Disclosure (on routing information)

Falsification
- Make and distribute invalid routing information
- Sources:
  - Originator: All attackers except compromised/subverted links
    - Overclaiming
    - Underclaiming
    - Misclaiming
    - Is underclaiming a valid threat? (not-existing vs. not defendable)
  - Forwarder: all attackers
    - Overstatement
    - Understatement
    - Misstatement

Falsification (cont)
- Consequences:
  - Deception
  - Usurpation
  - Disruption

Interference
- Inhibit routing exchanges
- All attackers
- Disruption

Overload
- Place excess burden
- Against control plane or data plane
- Should we care about data plane in routing protocol design?
- All attackers
- Disruption

Byzantine Failures
- Caused by faulty routers
- So general that redundant to other threat actions: falsification, overload…
- Should not be listed separately

Discarding of control packets
- Similar to underclaiming?
- OLSR

Network Mapping Threats
- Threat action or consequence?
- If this is action, is it redundant to sniffing/traffic analysis?

Multicast Routing Threat Actions
- Introduction of misleading route information via non-existent (black hole) or incorrect routes is a key MC routing vulnerability
- MC routing protocols are at least as susceptible as Unicast.
- Updates can be:
  - Fabricated
  - Modified
  - Replayed
  - Deleted
  - Snooped
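An added example, not part of the original presentation: a receiver-side check showing which of the update threats listed on this slide an integrity tag plus a sequence number can detect. The message layout, the pre-shared key and the names `seal`, `UpdateReceiver` and `demo` are hypothetical, and the route strings are constructed sample data.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # assumption: pre-shared key between neighbors
TAG_LEN = hashlib.sha256().digest_size

def seal(seq: int, payload: bytes, key: bytes = KEY) -> bytes:
    """Sender: 8-byte sequence number + payload + HMAC-SHA256 tag."""
    body = struct.pack("!Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class UpdateReceiver:
    """Hypothetical receiver-side check for one neighbor's updates."""
    def __init__(self, key: bytes = KEY):
        self.key = key
        self.last_seq = 0

    def check(self, msg: bytes) -> str:
        if len(msg) < 8 + TAG_LEN:
            return "rejected: malformed"
        body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "rejected: fabricated or modified"
        (seq,) = struct.unpack("!Q", body[:8])
        if seq <= self.last_seq:
            return "rejected: replayed"
        missing = seq - self.last_seq - 1
        self.last_seq = seq
        if missing:
            return f"accepted: {missing} earlier update(s) never arrived (deleted?)"
        return "accepted"
    # Snooping is not detectable here: it needs confidentiality, not integrity.

def demo() -> list:
    rx = UpdateReceiver()
    u1 = seal(1, b"join 239.1.1.1 via 192.0.2.1")   # constructed updates
    u2 = seal(2, b"join 239.1.1.2 via 192.0.2.1")
    u4 = seal(4, b"prune 239.1.1.1")                # seq 3 is never delivered
    modified = u2[:8] + b"X" + u2[9:]               # one payload byte changed
    fabricated = seal(3, b"join 239.1.1.9 via 192.0.2.66", key=b"wrong-key")
    return [rx.check(m) for m in (u1, modified, fabricated, u2, u1, u4)]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

A tag alone cannot tell a fabricated update from a modified one, and a deleted update only shows up as a gap once a later update arrives.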

Sandy’s Comments Summarized
- Section 3.1: content
- Section 4.1: Deliberate Exposure: content
- Section 4.3: Traffic Analysis: content
- Section 4.4: Spoofing: editorial
- Section 4.5: Underclaiming: content
- Section 4.5a: “ownership”: editorial
- Section 4.7: Overload: editorial/content
- Section 4.8: Byzantine Failures: editorial
- Section 4.9: Discard of Control Messages: content
- Section 4.10: Network Mapping: editorial
- Multicast Routing: editorial (redundant, inconsistent)

Sandy’s Comments: Some Themes
- privacy of routing data - important?
  - comments both ways on mailing list
  - nemo group wants “location privacy”
  - Section 4.1: Deliberate Exposure
  - Section 4.3: Traffic Analysis
- not attack in routing protocol (or not addressable)
  - Section 4.3: Traffic Analysis
  - Section 4.7: Overload
  - Section 2: Transport Subsystem
- correctness vs security
  - Section 4.5: Underclaiming
  - Section 4.9: Discard of Control messages

Sanity Checks
- Need to compare to BGP Attack Tree document
  - see if there are attacks there not represented here and vice versa
  - many of that document’s attacks are operational in nature (i.e., not the business of this analysis)
- Need to compare to SOBGP/SBGP
  - see if those approaches deal with these threat actions, sources, consequences
  - see if there are any further vulnerabilities unprotected
- Need to compare to other routing protocol expressed security requirements (e.g., nemo)

In Closing…
We have presented a model to:
- Document threats & related consequences
- Provide a format to help prioritize results
- Enable a process to:
  1. Address top threat actions
  2. Make a decision on medium/low threat actions
     - Must be included
     - Acceptable risk (future work)

Next Step
Need your input to address the following:
- Structure
- Content
Thank You!