Detecting Selective Dropping Attacks in BGP Mooi Chuah Kun Huang November 2006.

Slides:



Advertisements
Similar presentations
How Secure are Secure Interdomain Routing Protocols? B 大氣四 鍾岳霖 B 財金三 婁瀚升 1.
Advertisements

Sign What You Really Care About - $ecure BGP AS Paths Efficiently Yang Xiang Zhiliang Wang Jianping Wu Xingang Shi Xia Yin Tsinghua University, Beijing.
Martin Suchara in collaboration with I. Avramopoulos and J. Rexford How Small Groups Can Secure Interdomain Routing.
CS540/TE630 Computer Network Architecture Spring 2009 Tu/Th 10:30am-Noon Sue Moon.
Network Layer4-1 Hierarchical Routing scale: with 200 million destinations: r can’t store all dest’s in routing tables! r routing table exchange would.
Lecture 9 Overview. Hierarchical Routing scale – with 200 million destinations – can’t store all dests in routing tables! – routing table exchange would.
Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
Chapter 4: Network Layer 4. 1 Introduction 4.2 Virtual circuit and datagram networks 4.3 What’s inside a router 4.4 IP: Internet Protocol –Datagram format.
4a-1 CSE401: Computer Networks Hierarchical Routing & Routing in Internet S. M. Hasibul Haque Lecturer Dept. of CSE, BUET.
1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.
Routing Security in Ad Hoc Networks
Inter-domain Routing security Problems Solutions.
14 – Inter/Intra-AS Routing
Routing in Wired Nets CS 215 W 01 - Mario Gerla. Routing Principles Routing: delivering a packet to its destination on the best possible path Routing.
Interdomain Routing and the Border Gateway Protocol (BGP) Reading: Section COS 461: Computer Networks Spring 2011 Mike Freedman
Computer Networks Layering and Routing Dina Katabi
14 – Inter/Intra-AS Routing Network Layer Hierarchical Routing scale: with > 200 million destinations: can’t store all dest’s in routing tables!
EQ-BGP: an efficient inter- domain QoS routing protocol Andrzej Bęben Institute of Telecommunications Warsaw University of Technology,
Constructing Inter-Domain Packet Filters to Control IP Spoofing Based on BGP Updates Zhenhai Duan, Xin Yuan Department of Computer Science Florida State.
1 Computer Communication & Networks Lecture 22 Network Layer: Delivery, Forwarding, Routing (contd.)
1 Controlling IP Spoofing via Inter-Domain Packet Filters Zhenhai Duan Department of Computer Science Florida State University.
Introduction 1 Lecture 19 Network Layer (Routing Protocols) slides are modified from J. Kurose & K. Ross University of Nevada – Reno Computer Science &
How Secure are Secure Inter- Domain Routing Protocols? SIGCOMM 2010 Presenter: kcir.
Jennifer Rexford Fall 2014 (TTh 3:00-4:20 in CS 105) COS 561: Advanced Computer Networks BGP.
PATH VECTOR ROUTING AND THE BORDER GATEWAY PROTOCOL 1.
Routing in the Internet The Global Internet consists of Autonomous Systems (AS) interconnected with eachother: Stub AS: small corporation Multihomed AS:
David Wetherall Professor of Computer Science & Engineering Introduction to Computer Networks Hierarchical Routing (§5.2.6)
Finding Vulnerable Network Gadgets in the Internet Topology Author: Nir Amar Supervisor: Dr. Gabi Nakibly Author: Nir Amar Supervisor: Dr. Gabi Nakibly.
Lecture 27 Page 1 Advanced Network Security Routing Security Advanced Network Security Peter Reiher August, 2014.
Sign What You Really Care About -- Secure BGP AS Paths Efficiently Yang Xiang, Z. Wang, J. Wu, X. Shi, X. Yin Tsinghua University, Beijing AsiaFI 2011.
Interdomain Routing Security. How Secure are BGP Security Protocols? Some strange assumptions? – Focused on attracting traffic from as many Ases as possible.
A Firewall for Routers: Protecting Against Routing Misbehavior1 June 26, A Firewall for Routers: Protecting Against Routing Misbehavior Jia Wang.
More on Internet Routing A large portion of this lecture material comes from BGP tutorial given by Philip Smith from Cisco (ftp://ftp- eng.cisco.com/pfs/seminars/APRICOT2004.
A Light-Weight Distributed Scheme for Detecting IP Prefix Hijacks in Real-Time Lusheng Ji†, Joint work with Changxi Zheng‡, Dan Pei†, Jia Wang†, Paul Francis‡
Network Layer4-1 Intra-AS Routing r Also known as Interior Gateway Protocols (IGP) r Most common Intra-AS routing protocols: m RIP: Routing Information.
TCOM 509 – Internet Protocols (TCP/IP) Lecture 06_a Routing Protocols: RIP, OSPF, BGP Instructor: Dr. Li-Chuan Chen Date: 10/06/2003 Based in part upon.
SIGCOMM 2012 (August 16, 2012) Private and Verifiable Interdomain Routing Decisions Mingchen Zhao * Wenchao Zhou * Alexander Gurney * Andreas Haeberlen.
Efficient Secure BGP AS Path using FS-BGP Xia Yin, Yang Xiang, Zhiliang Wang, Jianping Wu Tsinghua University, Beijing 81th Quebec.
CS 4396 Computer Networks Lab BGP. Inter-AS routing in the Internet: (BGP)
Pretty Good BGP: Improving BGP by Cautiously Adopting Routes Josh Karlin, Stephanie Forrest, Jennifer Rexford IEEE International Conference on Network.
An internet is a combination of networks connected by routers. When a datagram goes from a source to a destination, it will probably pass through many.
4: Network Layer4b-1 OSPF (Open Shortest Path First) r “open”: publicly available r Uses Link State algorithm m LS packet dissemination m Topology map.
CS 640: Introduction to Computer Networks Aditya Akella Lecture 11 - Inter-Domain Routing - BGP (Border Gateway Protocol)
Ch 22. Routing Direct and Indirect Delivery.
Spring 2000CS 4611 Routing Outline Algorithms Scalability.
1 Border Gateway Protocol (BGP) and BGP Security Jeff Gribschaw Sai Thwin ECE 4112 Final Project April 28, 2005.
1 Chapter 14-16a Internet Routing Review. Chapter 14-16: Internet Routing Review 2 Introduction Motivation: Router performance is critical to overall.
Michael Schapira, Princeton University Fall 2010 (TTh 1:30-2:50 in COS 302) COS 561: Advanced Computer Networks
Constructing Inter-Domain Packet Filters to Control IP Spoofing Based on BGP Updates Zhenhai Duan, Xin Yuan Department of Computer Science Florida State.
ROUTING ON THE INTERNET COSC Jun-16. Routing Protocols  routers receive and forward packets  make decisions based on knowledge of topology.
Lecture 18 Page 1 CS 236 Online Advanced Research Issues In Security: Securing Key Internet Technologies CS 236 On-Line MS Program Networks and Systems.
Routing in the Internet
Author:Zarei.M.;Faez.K. ;Nya.J.M.
Chapter 4: Network Layer
Routing Information Protocol (RIP)
COS 561: Advanced Computer Networks
BGP supplement Abhigyan Sharma.
任課教授:陳朝鈞 教授 學生:王志嘉、馬敏修
Routing Protocols (RIP, OSPF, BGP).
COS 561: Advanced Computer Networks
Routers Routing algorithms
COS 561: Advanced Computer Networks
Chapter 4: Network Layer
COS 561: Advanced Computer Networks
Chapter 4: Network Layer
COS 461: Computer Networks
BGP Instability Jennifer Rexford
Computer Networks Protocols
Presentation transcript:

Detecting Selective Dropping Attacks in BGP Mooi Chuah Kun Huang November 2006

Outline BGP Security Issues Selective Dropping Attack Detecting Selective Dropping Attack Evaluation of IANP on DETER Conclusion

BGP Security Issues BGP4 (RFC1771) Inter-domain routing, Autonomous System Path vector protocol, shortest path Policy based routing [Gao’s] E.g. customer will not export routes learned from one provider to another Messages of interests: (BGP updates) ANNOUNCE: AS_PATH, PREFIX WITHDRAW: PREFIX

BGP Security Issues Vulnerabilities No encryption: eavesdropping No timestamp: replaying No signature: masquerading MOAS -- multiple origin AS Selective dropping Proposed Solutions S-BGP, So-BGP, Pretty Good BGP

Selective Dropping Attack AS3 use path for prefix 1 Link 1-2 break AS2 filters WITHDRAW PREFIX1 to AS3 AS3 still use stale path for prefix 1 AS2 has full control of traffic from AS3 for prefix 1 AS1 Prefix 1 AS2 Prefix 2 AS3 Prefix 3 AS4 Prefix 4 W: 1

Detecting Selective Dropping Attack Instability Analysis with Neighbor Probing Identify key events by BGP message volume at particular monitor node Use locating instability alg. [Mao’s] to locate an instability e.g. a link break Check instability against a monitor’s routing table to detect poisoned routes, correct it if found e.g. a route using the broken link Issue warning msg to neighbors when suspecting a selective dropping attack (msg. includes instability info.) Issue probing msg to neighbors when locating alg. fails to find the source of instability (msg. includes burst period)

Detecting Selective Dropping Attack Instability Analysis 1-2 link breaks At AS4, we know Routes not changed: to prefix 1 via AS1, 4-1 to prefix 5 via AS1, … {1-4,1-5, …} candidate stable set Routes changed: to prefix 2 via AS1,  {1-2} candidate instable set for prefix 2 So, ∩candidate instable per prefix – U candidate stable per prefix = {1-2} is instable, flood warnings AS1 Prefix 1 AS2 Prefix 2 AS3 Prefix 3 AS4 Prefix 4 W: 1 AS5 Prefix 5

Detecting Selective Dropping Attack Compute instable Classify events Compute instable final instable

Detecting Selective Dropping Attack Detecting Malicious Routes AS4 finds 1-2 link break, warning msg. reaches AS3, AS3 routing table has Disable route Use route AS1 Prefix 1 AS2 Prefix 2 AS3 Prefix 3 AS4 Prefix 4 W: 1 AS5 Prefix 5

Detecting Selective Dropping Attack probing Possible warning

Detecting Selective Dropping Attack Warning and probing If can’t locate the source of instability, probe neighbors within Q hops (e.g. Q=1) If suspects an attack, warn neighbors within K hops (e.g. K=2) Router scoring Score BGP router reputation by counting warning messages

Evaluation of IANP on DETER Setup 3 30-node topologies generated by BRITE Emulation on DETER using Quagga package 10 experiments per topology In each exp., one link is broken and one node launches a selective dropping attack against a neighbor node Post processing BGP messages and routing table using IANP module Warning neighbors within 2 hops Metric Damage Cost = # of poisoned best routes / # of total best routes # of total best routes= 30*29

Evaluation of IANP on DETER Test 1: 14 drops messages to 15

Evaluation of IANP on DETER Test 1: W1= unable to locate instability, DC = damage cost

Evaluation of IANP on DETER Test 2: 16 drops messages to 23

Evaluation of IANP on DETER Test 2: W1= unable to locate instability, DC = damage cost

Evaluation of IANP on DETER Test 3: 15 drops messages to 23

Evaluation of IANP on DETER Test 3: W1= unable to locate instability, DC = damage cost

Evaluation of IANP on DETER Overall performance Without IANP 0-30% ASes can’t find broken link Damage is range from % With IANP no warning Failure of finding broken link decrease by 0-23% Damage cost is very low, max=4.8%, mostly < 2.0% With IANP and warning Everyone can find the broken link Damage cost decreases to 0

Conclusion Encryption and authentication do not mitigate selective dropping attack Instability analysis is useful information in selective dropping attack IANP standalone version reduces damage cost IANP warning version reduces damage cost to 0 IANP is promising, and worth further research Impact of warning scope damage cost message overhead Deployment of IANP based on internet topology hierarchy Large scale simulation on internet scale