Presentation is loading. Please wait.

Presentation is loading. Please wait.

Interdomain Routing Security COS 461: Computer Networks Michael Schapira.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Interdomain Routing Security COS 461: Computer Networks Michael Schapira."— Presentation transcript:

1 Interdomain Routing Security COS 461: Computer Networks Michael Schapira

2 Goals of Today’s Lecture BGP security vulnerabilities Improving BGP security Difficulty of upgrading BGP

3 How Secure is Today’s Internet Routing? February 2008: Pakistan Telecom hijacks YouTube! YouTube Pakistan Telecom Pakistan Telecom Telnor Pakistan Telnor Pakistan Aga Khan University Aga Khan University Multinet Pakistan Multinet Pakistan The Internet I’m YouTube: IP 208.65.153.0/22 I’m YouTube: IP 208.65.153.0/22

4 How Secure is Today’s Internet Routing? What should have happened… YouTube Pakistan Telecom Pakistan Telecom Telnor Pakistan Telnor Pakistan Aga Khan University Aga Khan University Multinet Pakistan Multinet Pakistan I’m YouTube: IP 208.65.153.0/22 I’m YouTube: IP 208.65.153.0/22 X drop packets

5 How Secure is Today’s Internet Routing? What did happen… YouTube Pakistan Telecom Pakistan Telecom Telnor Pakistan Telnor Pakistan Aga Khan University Aga Khan University Multinet Pakistan Multinet Pakistan I’m YouTube: IP 208.65.153.0/22 I’m YouTube: IP 208.65.153.0/22 Pakistan Telecom Pakistan Telecom No, I’m YouTube! IP 208.65.153.0/24 No, I’m YouTube! IP 208.65.153.0/24

6 How Secure is Routing on the Internet Today? (2) China Telecom UK ISP Verizon 66.174.161.0/24 Verizon 66.174.161.0/24 London Internet Exchange

7 How Secure is Routing on the Internet Today? (2) April 2010 : China Telecom intercepts traffic China Telecom UK ISP Verizon 66.174.161.0/24 (and 50k other networks) Verizon 66.174.161.0/24 (and 50k other networks) Verizon 66.174.161.0/24 Verizon 66.174.161.0/24 This packet is destined for Verizon. London Internet Exchange

8 BGP Security Today Applying best common practices (BCPs) – Filtering routes by prefix and AS path, etc. This is not good enough! – Depends on vigilant application of BCPs … and not making configuration mistakes! – Doesn’t address fundamental problems, e.g., prefix hijacking!

9 Securing Internet Routing How to secure Internet routing? – Long standing agenda in the standards and research communities. Over the past 15 years, several secure Internet routing protocols have been proposed.

10 Securing Internet Routing The U.S. federal government is accelerating its efforts to secure the Internet's routing system … The effort … will secure the Internet's core routing protocol known as the Border Gateway Protocol (BGP). “BGP is one of the largest threats on the Internet. It's incredible, the insecurity of the routing system.” (Danny McPherson, CSO at Arbor Networks, Jan 2009)

11 The Internet AT&T Qwest Comcast Sprint Over 35,000 Autonomous Systems (ASes) Routing between ASes handled by the Border Gateway Protocol (BGP)

12 The Commercial Internet ASes sign long-term contracts. Neighboring pairs of ASes have: – a customer-provider relationship. – a peering relationship. peer providers customers peer Stub (~85% of ASes) ISP

13 $ Verizon 43284 UPC Init 7 AG Zurich Init 7 AG Zurich 20984 $ $ $$ IP Prefix customer peer provider Illustration

14 Verizon 43284 UPC Init 7 AG Zurich Init 7 AG Zurich 20984 UPC, Prefix Init 7, UPC, Prefix 43284, Init 7, UPC, Prefix Verizon, UPC, Prefix IP Prefix $ $ Routing with BGP 1)Prefer revenue generating routes 2)Prefer shorter routes

15 Verizon 43284 UPC Init 7 AG Zurich Init 7 AG Zurich 20984 20984,Verizon, UPC, Prefix IP Prefix $ $ X Losing $$ UPC, Prefix Init 7, UPC, Prefix 43284, Init 7, UPC, Prefix Verizon, UPC, Prefix Routing with BGP 1)Prefer revenue generating routes 2)Prefer shorter routes 3)Do not carry transit traffic for free

16 Origin Authentication Secure BGP BGP Secure Routing Protocols Secure Origin BGP Secure TraceRoute

17 Origin Authentication Secure BGP BGP In this lecture

18 Prefix Hijacking and Origin Authentication

19 IP Address Ownership and Hijacking IP address block assignment – Regional Internet Registries (ARIN, RIPE, APNIC) – Internet Service Providers Proper origination of a prefix into BGP – By the AS who owns the prefix – … or, by its upstream provider(s) in its behalf However, what’s to stop someone else? – Prefix hijacking: another AS originates the prefix – BGP does not verify that the AS is authorized – Registries of prefix ownership are inaccurate

20 a1a1 a1a1 a2a2 a2a2 v v a3a3 a3a3 m m IP v, Prefix a 2, m, Prefix m, Prefix m m $ $ ? IP Prefix victim Prefix Hijacking

21 Hijacking is Hard to Debug The victim AS doesn’t see the problem – Picks its own route – Might not even learn the bogus route May not cause loss of connectivity – E.g., if the bogus AS snoops and redirects – … may only cause performance degradation Or, loss of connectivity is isolated – E.g., only for sources in parts of the Internet Diagnosing prefix hijacking – Analyzing updates from many vantage points – Launching traceroute from many vantage points

22 How to Hijack a Prefix The hijacking AS has – Router with BGP session(s) – Configured to originate the prefix Getting access to the router – Network operator makes configuration mistake – Disgruntled operator launches an attack – Outsider breaks in to the router and reconfigures Getting other ASes to believe bogus route – Neighbor ASes do not discard the bogus route – E.g., not doing protective filtering

23 a1a1 a1a1 a2a2 a2a2 v v a3a3 a3a3 m m IP Prefix A secure database maps IP prefixes to owner ASes. Origin Authentication

24 Bogus Routes and Secure BGP

25 a1a1 a1a1 a2a2 a2a2 v v a3a3 a3a3 m m IP Prefix v, Prefix a 2, m, v, Prefix m, v, Prefix m m $ $ ? A secure database maps IP prefixes to owner ASes. Origin Authentication

26 Bogus AS Paths Remove ASes from the AS path – E.g., turn “701 3715 88” into “701 88” Possible motivations – Make the AS path look shorter than it is – Attract sources that normally try to avoid AS 3715 701 88 3715

27 Add ASes to the path – E.g., turn “701 88” into “701 3715 88” Possible motivations: – Trigger loop detection in AS 3715 – Make your AS look like is has richer connectivity 701 88 Bogus AS Paths

28 Public Key Signature: Anyone who knows v’s public key can verify that the message was sent by v. a1a1 a1a1 a2a2 a2a2 v v a3a3 a3a3 m m IP Prefix a 1 : (v, Prefix) m: (a 1, v, Prefix) Secure BGP Origin Authentication + cryptographic signatures

29 Secure BGP S-BGP can validate the order in which ASes were traversed. S-BGP can validate that no intermediate ASes were added or removed. S-BGP can validate that the route is recent.

30 Are We There Yet?

31 S-BGP Deployment Challenges Complete, accurate registries – E.g., of prefix ownership Public Key Infrastructure – To know the public key for any given AS Cryptographic operations – E.g., digital signatures on BGP messages Need to perform operations quickly – To avoid delaying response to routing changes Difficulty of incremental deployment – Hard to have a “flag day” to deploy S-BGP

32 Incremental Deployment? There is a necessary transition period. S-BGP must be backwards compatible with BGP Who upgrades first? Why?

33 a1a1 a1a1 a2a2 a2a2 a4a4 a4a4 a3a3 a3a3 a0a0 a0a0 Why should I upgrade if (security) benefits don’t kick in unless everyone else does? Pessimistic View S-BGP = IPv6? ISPs would be the ones forced to upgrade all of their equipment to support this initiative, but how would it benefit them? As commercial companies, if there is little to no benefit (potential to increase profit), why would they implement a potentially costly solution? The answer is they won’t. [http://www.omninerd.com/articles/Did_China_Hijack_15_of_the_Inter net_Routers_BGP_and_Ignorance]

34 Conclusions Internet protocols designed based on trust – The insiders are good guys – All bad guys are outside the network Border Gateway Protocol is very vulnerable – Glue that holds the Internet together – Hard for an AS to locally identify bogus routes – Attacks can have very serious global consequences Proposed solutions/approaches – Secure variants of the Border Gateway Protocol

35 One last thing… Harming Internet Routing Without Attacking BGP

36 Attacks on TCP and Data-Plane Attacks Attack TCP! – A BGP session runs over TCP. Do not forward traffic as advertised! – Drop packets! – Route packets along unannounced routes!

37

Download ppt "Interdomain Routing Security COS 461: Computer Networks Michael Schapira."

Similar presentations

CSE390 – Advanced Computer Networks

CSE390 – Advanced Computer Networks
Martin Suchara in collaboration with I. Avramopoulos and J. Rexford How Small Groups Can Secure Interdomain Routing.

Martin Suchara in collaboration with I. Avramopoulos and J. Rexford How Small Groups Can Secure Interdomain Routing.
Network Layer: Internet-Wide Routing & BGP Dina Katabi & Sam Madden.

Network Layer: Internet-Wide Routing & BGP Dina Katabi & Sam Madden.
© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.

© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.
Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.

Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.
Let the Market Drive Deployment A Strategy for Transitioning to BGP Security Phillipa Gill University of Toronto Sharon Goldberg Boston University Michael.

Let the Market Drive Deployment A Strategy for Transitioning to BGP Security Phillipa Gill University of Toronto Sharon Goldberg Boston University Michael.
Information-Centric Networks04c-1 Week 4 / Paper 3 A Survey of BGP Security Issues and Solutions –Kevin Butler, Toni Farley, Patrick McDaniel, and Jennifer.

Information-Centric Networks04c-1 Week 4 / Paper 3 A Survey of BGP Security Issues and Solutions –Kevin Butler, Toni Farley, Patrick McDaniel, and Jennifer.
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
The need for BGP AfNOG Workshops Philip Smith. “Keeping Local Traffic Local”

The need for BGP AfNOG Workshops Philip Smith. “Keeping Local Traffic Local”
1 Towards Secure Interdomain Routing For Dr. Aggarwal 60-592 Win 2004.

1 Towards Secure Interdomain Routing For Dr. Aggarwal Win 2004.
Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.

Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.
Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.

Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.
1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background – Detection of Invalid Routing Announcement in the Internet –Open Discussions Thursday.

1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.
A Routing Control Platform for Managing IP Networks Jennifer Rexford Computer Science Department Princeton University

A Routing Control Platform for Managing IP Networks Jennifer Rexford Computer Science Department Princeton University
Interdomain Routing Establish routes between autonomous systems (ASes). Currently done with the Border Gateway Protocol (BGP). AT&T Qwest Comcast Verizon.

Interdomain Routing Establish routes between autonomous systems (ASes). Currently done with the Border Gateway Protocol (BGP). AT&T Qwest Comcast Verizon.
Interdomain Routing Security Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays.

Interdomain Routing Security Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays.
Internet Routing (COS 598A) Today: Routing Protocol Security Jennifer Rexford Tuesdays/Thursdays.

Internet Routing (COS 598A) Today: Routing Protocol Security Jennifer Rexford Tuesdays/Thursdays.
Inter-domain Routing security Problems Solutions.

Inter-domain Routing security Problems Solutions.
1 Interdomain Routing Security COS 461: Computer Networks Spring 2008 (MW 1:30-2:50 in COS 105) Jennifer Rexford Teaching Assistants: Sunghwan Ihm and.

1 Interdomain Routing Security COS 461: Computer Networks Spring 2008 (MW 1:30-2:50 in COS 105) Jennifer Rexford Teaching Assistants: Sunghwan Ihm and.

Similar presentations

Ads by Google