Finding Vulnerable Network Gadgets in the Internet Topology
Author: Nir Amar
Supervisor: Dr. Gabi Nakibly


Background
• The Internet is composed of some 50,000 autonomous systems (ASes).
• An AS is a collection of networks and routers administered by a single authority, e.g., an ISP, a large corporation or a university.
• Routing between the different ASes is done using a protocol called BGP.

BGP and Relationships

Import, Routing and Export policies
• Upon receiving a route update for a given set of subnets, an AS needs to decide whether to accept the update (import policy).
• If the update is accepted, it needs to decide whether to use the proposed route (routing policy).
• If this path is chosen for routing, it needs to determine whether to propagate the update to the neighboring ASes (export policy).
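An added example (not from the slides or the author's tool) of the three policy steps above, run to a stable state on a constructed 7-AS topology. The Gao-Rexford ranking (customer over peer over provider) and export rule, and all function names and AS numbers, are assumptions; the slides do not state the concrete policies.

```python
# Added example: toy model of the import / routing / export decisions.
# The relationship-based ranking and export rule (Gao-Rexford) are assumptions.
CUSTOMER, PEER, PROVIDER = 0, 1, 2      # what a neighbour is to us; lower = preferred

def build(links):
    """links: (a, b, 'cp') = a is a customer of b; (a, b, 'pp') = a and b peer."""
    rel = {}
    for a, b, kind in links:
        rel.setdefault(a, {})[b] = PROVIDER if kind == "cp" else PEER
        rel.setdefault(b, {})[a] = CUSTOMER if kind == "cp" else PEER
    return rel

def import_ok(asn, path):
    """Import policy: reject an update whose AS path already contains us."""
    return asn not in path

def rank(route):
    """Routing policy: neighbour class, then AS-path length, then lowest next hop."""
    learned_from, path = route
    return (learned_from, len(path), path[1])

def may_export(learned_from, to_kind):
    """Export policy: customer-learned routes go to everyone, others only to customers."""
    return learned_from == CUSTOMER or to_kind == CUSTOMER

def converge(rel, origin, max_rounds=50):
    """Re-run all three policies at every AS until no route changes."""
    best = {origin: (CUSTOMER, [origin])}   # the origin exports its prefix to all
    for _ in range(max_rounds):
        new = {origin: best[origin]}
        for asn in rel:
            if asn == origin:
                continue
            cands = [(rel[asn][n], [asn] + best[n][1]) for n in rel[asn]
                     if n in best and may_export(best[n][0], rel[n][asn])
                     and import_ok(asn, best[n][1])]
            if cands:
                new[asn] = min(cands, key=rank)
        if new == best:
            return {a: route[1] for a, route in best.items()}
        best = new
    raise RuntimeError("no stable routing state reached")

# Constructed 7-AS topology; AS 1 originates the prefix.
LINKS = [(1, 2, "cp"), (2, 3, "cp"), (3, 4, "cp"), (1, 5, "cp"),
         (5, 4, "pp"), (5, 6, "pp"), (6, 7, "cp"), (7, 4, "cp")]
ROUTES = converge(build(LINKS), origin=1)
for asn in sorted(ROUTES):
    print(asn, ROUTES[asn])
```

AS 4 keeps the longer customer route [4, 3, 2, 1] over the shorter peer route via AS 5, and AS 7 never hears the shorter path through AS 6 because AS 6 learned it from a peer and does not export it to a provider.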

How Secure are Secure Interdomain Routing Protocols?
• Authors: Sharon Goldberg, Michael Schapira, Peter Hummon and Jennifer Rexford.
• Intuition: Shortest Path, Export All
• Counter-Intuitive Attacks
  - Attract More by Announcing Longer Paths
  - Attract More by Exporting to Fewer Neighbors

Goal

Attacking BGP
• BGP Attacks Classification
  - Attraction: attract traffic.
  - Interception: eavesdrop or tamper with traffic before forwarding it on to the legitimate destination.
• Quantifying the impact of attacks
  - Attraction: Shortest Path, Export All
  - Interception: Shortest Path, Export All, with Connectivity.
[Figure labels: Middle, Dst, Src]

Overall Sequence
1. User parameters: Topology and Attack
2. Simulate BGP using the SW model
3. Assert (Non-deterministic Attack < Intuitive Attack)
4. ExpiSat
5. Counter-intuitive attack

Findings and Results

Topology Generation
• Time and memory consuming
• Two non-deterministic decisions:
  - How many ASes are in the topology?
  - What is the relation between each pair of ASes?
• Characteristics for reducing topology size

Topology Generation – Example

Interception Attack – Intuitive

Interception Attack – Counter-Intuitive

Attack Generation – Interception Attack On Non-Deterministic Topology

Attraction Attack – Intuitive

Note
The topology and the attack creation are unrelated!
• The user may have a particular topology on which he wants to find a counter-intuitive attack. The software allows this.
• Likewise, the user may have a specific attack (for example, a shortest-path-export-all attack) that he would like to test on several topologies.

Conclusion
• Generating non-deterministic attacks
  - Find gadgets and appropriate "smart / counter-intuitive" attacks using a software verification tool
• Generating non-deterministic topologies
  - Succeeded in generating topologies (up to size 5-6) within my memory constraints,

The End.