Presentation is loading. Please wait.

Presentation is loading. Please wait.

How Secure are Secure Interdomain Routing Protocols? B96209044 大氣四 鍾岳霖 B97703099 財金三 婁瀚升 1.

Published byKelton Mey Modified over 9 years ago

Similar presentations

Presentation on theme: "How Secure are Secure Interdomain Routing Protocols? B96209044 大氣四 鍾岳霖 B97703099 財金三 婁瀚升 1."— Presentation transcript:

1 How Secure are Secure Interdomain Routing Protocols? B96209044 大氣四 鍾岳霖 B97703099 財金三 婁瀚升 1

2 Outline Introduction Model and Methodology Fooling BGP Security Protocols Smart Attraction Attack Smart Interception Attack Smart Attack Are Not Optimal Finding Optimal Attack is Hard Implementation Issues Conclusion 2

3 Introduction BGP Quantifying – Worst Case Comparison – Traffic Flow: Routing, Business, AS-path Thinking like a Manipulator Finding and Recommendations 3

4 Model and Methodology Modeling Interdomain Routing – AS Graph – Establishing Path – Business Relationship: C > P2P > P Modeling Routing Policies – Ranking: LP, SP, TB – Local Preference: GR3, C > P2P > P – Export Policy: GR2,at least 1 Customer 4

5 5

6 Model and Methodology Threat Model – 1 Manipulator – Normal ASes, Normal Path – Attration and Interception – Fraction Attracted Attack Strategy: – Unavailable or Non-existent Path – Available but not Normal – Export Policies 6

7 Experiment on Empirical AS Graph – Average Case Analysis – Random Chosen Pairs – Multiple Dataset 7 Model and Methodology

8 Fooling BGP Security Protocols BGP: No validation → False Path Origin Authentication: Prefix Owner → Clain to be the closest soBGP: OrAuth, Path Existence → Exist, Unavail. 8

9 Fooling BGP Security Protocols S-BGP: Path Verification: abc if bc sent to a → Shorter Path Data Plane Verification → Also Forward Defensive Filter : No Stub 9

10 Smart Attraction Attack Shortest-Path Export All Underestimation Defensive Filtering : Crucial Different Strategy to Different Protocols 10

11 11

12 Smart Attraction Attack SBGP: Hard to find Shorter, Not Opt. Export Policy Matters More Different Sized Manipulator : Tier 2 Different Sized Victim : Tier 1 vs Tier2 12

13 A stub that creates a blackhole 13 Smart Interception Attack

14 Stub Make Blackhole : Failure Blackhole or Not 14

15 Smart Interception Attack 2 Strategies: – Shortest Available Path Export All – Hybrid Interception Attack Strategy Evaluation 15

16 Smart Attack are Not Optimal Longer Path might be better Exporting less might be better Gaming Loop Detection 16

17 17

18 Exporting less might be better 18

19 Gaming Loop Detection 19

20 But.... Finding Optimal Attack : NP-Hard Realistic ? Implementation Issues – OrAuth with RPKI/ROA – Defendive Filtering in Practice – Trust Model 20

21 Conclusion secure routing protocols (e.g., soBGP and S-BGP) should be deployed in combination with mechanisms that police export policies (e.g., defensive filtering) defensive filtering to eliminate attacks by stub ASes, and secure routing protocols to blunt attacks launched by larger ASes 21

22 Q&A 22

Download ppt "How Secure are Secure Interdomain Routing Protocols? B96209044 大氣四 鍾岳霖 B97703099 財金三 婁瀚升 1."

Similar presentations

1 Robert Lychev Sharon GoldbergMichael Schapira Georgia Tech Boston University Hebrew University.

1 Robert Lychev Sharon GoldbergMichael Schapira Georgia Tech Boston University Hebrew University.
1 Robert Lychev Sharon GoldbergMichael Schapira Georgia Tech Boston University Hebrew University.

1 Robert Lychev Sharon GoldbergMichael Schapira Georgia Tech Boston University Hebrew University.
PortLand: A Scalable Fault- Tolerant Layer 2 Data Center Network Fabric B97703099 財金三 婁瀚升 1.

PortLand: A Scalable Fault- Tolerant Layer 2 Data Center Network Fabric B 財金三 婁瀚升 1.
Sign What You Really Care About - $ecure BGP AS Paths Efficiently Yang Xiang Zhiliang Wang Jianping Wu Xingang Shi Xia Yin Tsinghua University, Beijing.

Sign What You Really Care About - $ecure BGP AS Paths Efficiently Yang Xiang Zhiliang Wang Jianping Wu Xingang Shi Xia Yin Tsinghua University, Beijing.
Martin Suchara in collaboration with I. Avramopoulos and J. Rexford How Small Groups Can Secure Interdomain Routing.

Martin Suchara in collaboration with I. Avramopoulos and J. Rexford How Small Groups Can Secure Interdomain Routing.
A Quick and Dirty Guide to BGP attacks Or “How to 0wn the Backbone in your Spare Time”

A Quick and Dirty Guide to BGP attacks Or “How to 0wn the Backbone in your Spare Time”
Network Layer: Internet-Wide Routing & BGP Dina Katabi & Sam Madden.

Network Layer: Internet-Wide Routing & BGP Dina Katabi & Sam Madden.
© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.

© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.
Availability Centric Routing (ACR) Robust Interdomain Routing Without BGP Security July 25 th, 2006.

Availability Centric Routing (ACR) Robust Interdomain Routing Without BGP Security July 25 th, 2006.
Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.

Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.
Let the Market Drive Deployment A Strategy for Transitioning to BGP Security Phillipa Gill University of Toronto Sharon Goldberg Boston University Michael.

Let the Market Drive Deployment A Strategy for Transitioning to BGP Security Phillipa Gill University of Toronto Sharon Goldberg Boston University Michael.
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
Part II: Inter-domain Routing Policies. March 8, 20042 What is routing policy? ISP1 ISP4ISP3 Cust1Cust2 ISP2 traffic Connectivity DOES NOT imply reachability!

Part II: Inter-domain Routing Policies. March 8, What is routing policy? ISP1 ISP4ISP3 Cust1Cust2 ISP2 traffic Connectivity DOES NOT imply reachability!
Putting BGP on the Right Path: A Case for Next-Hop Routing Michael Schapira (Yale University and UC Berkeley) Joint work with Yaping Zhu and Jennifer Rexford.

Putting BGP on the Right Path: A Case for Next-Hop Routing Michael Schapira (Yale University and UC Berkeley) Joint work with Yaping Zhu and Jennifer Rexford.
1 Towards Secure Interdomain Routing For Dr. Aggarwal 60-592 Win 2004.

1 Towards Secure Interdomain Routing For Dr. Aggarwal Win 2004.
Interdomain Routing Security COS 461: Computer Networks Michael Schapira.

Interdomain Routing Security COS 461: Computer Networks Michael Schapira.
Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.

Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.
1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background – Detection of Invalid Routing Announcement in the Internet –Open Discussions Thursday.

1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.
Mini Introduction to BGP Michalis Faloutsos. What Is BGP?  Border Gateway Protocol BGP-4  The de-facto interdomain routing protocol  BGP enables policy.

Mini Introduction to BGP Michalis Faloutsos. What Is BGP?  Border Gateway Protocol BGP-4  The de-facto interdomain routing protocol  BGP enables policy.
Don’t Secure Routing, Secure Data Delivery Dan Wendlandt (CMU) With: Ioannis Avramopoulos (Princeton), David G. Andersen (CMU), and Jennifer Rexford (Princeton)

Don’t Secure Routing, Secure Data Delivery Dan Wendlandt (CMU) With: Ioannis Avramopoulos (Princeton), David G. Andersen (CMU), and Jennifer Rexford (Princeton)

Similar presentations

Ads by Google