
Incrementally Deployable Security for Interdomain Routing (TTA-4, Type-I) Jennifer Rexford, Princeton University Joan Feigenbaum, Yale University August,


1 Incrementally Deployable Security for Interdomain Routing (TTA-4, Type-I)
Jennifer Rexford, Princeton University
Joan Feigenbaum, Yale University
August, 2006

2 Overview: Insecure Internet Infrastructure
Border Gateway Protocol is important
– BGP is the glue that holds the Internet together
BGP is extremely vulnerable
– Easy to inject false information
– Easy to trigger routing instability
Vulnerabilities are being exploited
– Configuration errors and malicious attacks
– Route hijacking, blackholes, denial-of-service, …
Changing to a secure protocol is hard
– Can’t have a flag day to reboot the Internet

3 Overview: Incrementally Deployable Solution
Backwards compatibility
– Work with existing routers and protocols
Incentive compatibility
– Offer significant benefits, even to the first adopter
[Figure: AS 1, AS 2 and AS 3 exchanging BGP (the inter-AS protocol); AS 1 runs an RCP (Routing Control Platform) that tells its routers how to forward traffic]
Use BGP to communicate with the legacy routers
Use RCP to simplify management and enable new services
Use RCP to detect (and avoid) suspicious routes
Other ASes can deploy an RCP independently
ASes with RCPs can cooperate to detect suspicious routes (distributed detection)
ASes can upgrade to a secure interdomain routing protocol
… all while still using BGP to control the legacy routers

4 Overview: Potential Security Impact
Breaking the “flag day” stalemate
– Viable approach to incremental deployment
– Backwards compatible with the legacy routers
– Incentive-compatible with goals of each AS
Immediate benefits to participating ASes
– Avoiding anomalous and suspicious routes
– Secure routing with participating neighbors
Tipping point leads to ubiquitous deployment
– Increasing incentives for ASes to participate
– Ultimately, full deployment of secure protocol
Insights for other protocols (such as DNSSEC)

5 Technical Accomplishments: Outline
Prototyping and deployment
– Routing Control Platform (RCP) prototype
– Virtual Network Infrastructure (VINI) platform
Anomaly detection techniques
– Pretty Good BGP (PGBGP)
– Update-clustering algorithms
Incremental deployability
– Multi-path Interdomain ROuting (MIRO)

6 Accomplishment #1: Prototyping & Deployment
RCP prototype
– Prototype as extension to XORP/Vyatta
– Learns BGP routes from neighbor ASes
– Selects a “best route” for each router per prefix
– API for anomaly detection and path selection
Virtual Network Infrastructure (VINI)
– Platform for demonstrating the RCP in operation
– Shared WAN facility for network experimentation
– Initial evaluation of the existing routing protocols
– A step toward the NSF’s GENI backbone design
[Figure: AS 1 with an RCP controlling its routers]

7 Accomplishment #2: Anomaly Detection
Pretty Good BGP (PGBGP)
– Maintain history of AS originating a prefix
– Flag announcements with new AS as suspicious
– Prefer “normal” routes over suspicious ones
– Natural application to run on the RCP
[Figure: five ASes (1–5) and the prefix 12.34.0.0/16; PGBGP prevents the hijack]
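The two slides above describe the RCP choosing a best route per prefix and PGBGP depreferencing announcements from an origin AS that has not been seen for that prefix before. The following is an added example, written for this page and not code from the RCP or PGBGP projects: it keeps a per-prefix origin history, quarantines a new origin for a fixed period, and lets an RCP-style selector prefer any "normal" route over a suspicious one before falling back to AS-path length. The history window, the quarantine length, the `Route` class and the AS numbers in the scenario are this example's assumptions.

```python
"""PGBGP-style origin anomaly detection plus RCP-style route choice (added example)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple        # AS_PATH as received; the last hop is the origin AS
    received_at: int      # arrival time in seconds (assumed monotone clock)

    @property
    def origin(self) -> int:
        return self.as_path[-1]


class PGBGPMonitor:
    """Per-prefix history of origin ASes; newcomers are quarantined as suspicious.

    history_window and suspicious_period are this example's parameters, not
    values stated on the slides.
    """

    def __init__(self, history_window: int = 10 * 86400, suspicious_period: int = 86400):
        self.history_window = history_window
        self.suspicious_period = suspicious_period
        self.history = defaultdict(dict)   # prefix -> {origin AS: time last seen}
        self.quarantine = {}               # (prefix, origin AS) -> time first seen

    def _expire(self, prefix: str, now: int) -> None:
        seen = self.history[prefix]
        for asn in [a for a, t in seen.items() if now - t > self.history_window]:
            del seen[asn]

    def observe(self, route: Route) -> bool:
        """Feed one announcement. Returns True while (prefix, origin) is suspicious."""
        now = route.received_at
        self._expire(route.prefix, now)
        seen = self.history[route.prefix]
        key = (route.prefix, route.origin)
        if route.origin in seen or not seen:
            # Known origin, or the first origin ever seen for this prefix: nothing to
            # compare against, so the bootstrap announcement is trusted.
            seen[route.origin] = now
            self.quarantine.pop(key, None)
            return False
        first = self.quarantine.setdefault(key, now)
        if now - first >= self.suspicious_period:
            # Announced for the whole quarantine period: promote the origin to "normal".
            seen[route.origin] = now
            del self.quarantine[key]
            return False
        return True

    def withdraw(self, prefix: str, origin: int) -> None:
        """A withdrawal during quarantine resets the clock for that origin."""
        self.quarantine.pop((prefix, origin), None)

    def is_suspicious(self, route: Route, now: int) -> bool:
        first = self.quarantine.get((route.prefix, route.origin))
        return first is not None and now - first < self.suspicious_period

    def select(self, candidates: list, now: int) -> Route:
        """RCP-style decision: normal routes beat suspicious ones, then shortest AS path."""
        return min(candidates, key=lambda r: (self.is_suspicious(r, now), len(r.as_path), r.as_path))


def demo() -> list:
    """Constructed scenario: AS 5 is the usual origin of 12.34.0.0/16 (reached via AS 2);
    AS 4 later announces the same prefix directly, with a shorter path."""
    m = PGBGPMonitor()
    legit = Route("12.34.0.0/16", (2, 5), received_at=0)
    hijack = Route("12.34.0.0/16", (4,), received_at=1000)
    return [
        m.observe(legit),                      # False: first origin seen, bootstrapped
        m.observe(hijack),                     # True: new origin for a known prefix
        m.select([legit, hijack], now=1000),   # the legitimate route, despite its longer path
    ]


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The selector deliberately ranks "not suspicious" ahead of path length, which is the whole point of PGBGP: a hijacker's more specific or shorter announcement does not win just because BGP's normal decision process would favour it. Note the bootstrap weakness shown in the comment: an origin seen for a prefix with an empty history is accepted, so the history must be seeded from a trusted period before the monitor is used for selection.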

8 Accomplishment #2: Anomaly Detection (Cont.)
Aggregation and analysis of route updates
– A single event can trigger instability in routes to many destinations. The high volume of updates makes this a massive-data-set (MDS) algorithmic challenge.
– Use statistical correlation to form clusters of routes that change frequently and (approximately) simultaneously. Provide tools to aid anomaly detection and root-cause diagnosis.
– MDS clustering algorithms have been designed, implemented, and tested on RouteViews data. To be deployed in RCP.
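The slide above says that routes which flap at roughly the same times are grouped by statistical correlation so that one underlying event (a failing link, a flapping session) can be diagnosed once rather than per prefix. The following is an added example, not the project's clustering code and not the pruning algorithm from the CIKM paper listed later: it bins a constructed stream of (timestamp, prefix) update records, computes plain Pearson correlation between every pair of series, and unions prefixes whose correlation exceeds a threshold. The bin size, threshold, minimum-update filter, and the sample prefixes and timestamps are this example's assumptions; a real deployment would use the pruning technique because pairwise comparison is quadratic in the number of prefixes.

```python
"""Correlation-based clustering of BGP update bursts (added example)."""
import math
from collections import defaultdict


def bin_updates(updates, bin_size: int, n_bins: int) -> dict:
    """Turn (timestamp, prefix) update records into per-prefix count-per-bin series."""
    series = defaultdict(lambda: [0] * n_bins)
    for ts, prefix in updates:
        b = int(ts // bin_size)
        if 0 <= b < n_bins:
            series[prefix][b] += 1
    return dict(series)


def pearson(x, y) -> float:
    """Pearson correlation of two equal-length series; 0.0 if either is constant."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    if vx == 0 or vy == 0:
        return 0.0
    return cov / math.sqrt(vx * vy)


def cluster_prefixes(series: dict, threshold: float, min_updates: int) -> list:
    """Union-find over prefixes whose update series correlate at or above threshold.
    Prefixes with fewer than min_updates updates are too quiet to correlate and are dropped."""
    active = sorted(p for p, s in series.items() if sum(s) >= min_updates)
    parent = {p: p for p in active}

    def find(p):
        while parent[p] != p:
            parent[p] = parent[parent[p]]
            p = parent[p]
        return p

    for i, a in enumerate(active):
        for b in active[i + 1:]:
            if pearson(series[a], series[b]) >= threshold:
                parent[find(a)] = find(b)
    groups = defaultdict(list)
    for p in active:
        groups[find(p)].append(p)
    # Largest clusters first; those are the ones worth a root-cause look.
    return sorted((sorted(g) for g in groups.values()), key=lambda g: (-len(g), g))


# Constructed sample: three prefixes behind the same flapping link change together every
# ~120 s, one unrelated prefix changes on a different schedule, one prefix is nearly silent.
SAMPLE_UPDATES = (
    [(t, "192.0.2.0/24") for t in (5, 125, 245, 365, 485)]
    + [(t, "198.51.100.0/24") for t in (5, 125, 245, 365, 485)]
    + [(t, "203.0.113.0/24") for t in (5, 125, 245, 365)]
    + [(t, "10.0.0.0/8") for t in (65, 185, 305)]
    + [(500, "172.16.0.0/12")]
)


def analyze(updates=SAMPLE_UPDATES, bin_size=60, n_bins=10, threshold=0.7, min_updates=3) -> list:
    return cluster_prefixes(bin_updates(updates, bin_size, n_bins), threshold, min_updates)


if __name__ == "__main__":
    for group in analyze():
        print(len(group), group)
```

With the sample stream the three co-flapping prefixes land in one cluster (the third correlates at about 0.82 with the other two despite missing one burst), the unrelated prefix is negatively correlated and stays alone, and the near-silent prefix is filtered out before any correlation is computed.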

9 Accomplishment #3: Incremental Deployability
Multipath Interdomain Routing (MIRO)
– Increase chance of learning a valid path
– Availability providers advertise extra paths
– Stub ASes direct packets on alternate paths
Design of the protocol
– RCP application running in participating ASes
– Packet encapsulation to send packets on paths
Evaluation of incremental deployment
– Incremental deployment offers significant gains
– Small set of large ASes see most of path diversity

10 Milestones, Deliverables, Schedule

Task              | FY05                                           | FY06                                          | FY07
RCP Prototype     | RCP prototype, and API to data-analysis engine | RCP with API to trust-management system       | Deployment of RCP in operational networks
Anomaly Detection | Offline algorithms and upper bounds            | Online analysis algorithm to detect anomalies | Deploy online algorithm; create distributed
Routing Policy    | Identify today’s policies and select notation  | Integrate policy language in trust management | Deploy in trust management system
Secure Routing    | Evaluate incentive compatibility               | Quantify gains of a partial deployment        | Investigate new secure inter-AS protocols

Focus thus far
For PGBGP and MIRO

11 Public Relations Activities
NANOG presentation
– PGBGP talk at NANOG in June 2006
– Discovered deployment opportunity at IXNM
Interaction with ISPs and vendors
– ISPs: AT&T, NLR, and Abilene
– Vendors: XORP/Vyatta, Cisco, and Lucent
– Natural focus for influencing interdomain routing
Research publications
– Anomaly detection (IEEE ICNP’06, ACM CIKM’06)
– VINI (ACM SIGCOMM’06)
– MIRO (ACM SIGCOMM’06)

12 Technology Transition Plans
RCP: Routing Control Platform
– Initial discussions with Cisco on RCP
– Continued collaboration with AT&T
– Possible deployment path with Vyatta (start-up)
VINI: Virtual Network Infrastructure
– Running on PlanetLab nodes in Abilene backbone
– Deploying in six sites in National Lambda Rail
– Planning dedicated bandwidth & ISP connectivity
– A step toward the NSF’s GENI backbone design

13 Technology Transition Plans (Continued)
PGBGP: Pretty Good BGP
– Internet Alert Registry deployed and in use
– Prototype in progress for IXNM exchange point
– In discussion with Cisco about router support
– … and using PGBGP to enable soBGP deployment
MIRO: Multipath Interdomain ROuting
– In discussion with Cisco about router extensions
– Many of the building blocks are already available
– IP-in-IP encapsulation & “add paths” BGP feature

14 Publication Activity: Published Papers
Prototyping and deployment
– “In VINI veritas: Realistic and controlled network experimentation” (ACM SIGCOMM, 2006)
Anomaly detection
– “Learning-based anomaly detection in BGP updates” (ACM SIGCOMM MineNet Workshop, 2005)
– “A distributed reputation approach to cooperative Internet routing protection” (Workshop on Secure Network Protocols, 2005)
– “Pretty Good BGP: Improving BGP by cautiously adopting routes” (IEEE International Conference on Network Protocols, 2006)
– “Finding Highly Correlated Pairs Efficiently with Powerful Pruning” (ACM Conference on Information and Knowledge Management, 2006)

15 Publication Activity: Published Papers (Cont.)
Incrementally deployable security techniques
– “Pretty Good BGP: Improving BGP by cautiously adopting routes” (IEEE International Conference on Network Protocols, 2006)
– “Stealth probing: Efficient data-plane security for IP routing” (USENIX Annual Technical Conference, 2006)
– “MIRO: Multipath Interdomain ROuting” (ACM SIGCOMM, 2006)
Incentive-compatible routing protocols
– “Distributed algorithmic mechanism design” (Algorithmic Game Theory, 2007)
– “Incentive-compatible interdomain routing” (ACM Conference on Electronic Commerce, 2006)
BGP routing policies
– “BGP policies in ISP networks” (IEEE Network, 2005)

16 Cyber Security R&D: Incrementally Deployable Security for Interdomain Routing

DESCRIPTION / OBJECTIVES / METHODS
Routing-Control Platform (RCP)
– Selects routes on behalf of routers
– Possible today on high-end PC
Incrementally deployable security
– Speak BGP to the legacy routers
– Detect and avoid suspicious routes
– Update RCPs to use secure protocol

DHS/Cyber Security IMPACT
Internet-routing system is vulnerable
– Core communication infrastructure
– Very vulnerable to cyber attacks
– Hard to have “flag day” for upgrades
Phased deployment of secure routing
– Network manager deploys locally
– Participating domains detect attacks
– Neighbor domains upgrade protocol

[Figure: Network A, whose RCP speaks BGP to its routers, and Network B, linked by a secure routing protocol]

BUDGET & SCHEDULE
TASK              | FY05 | FY06 | FY07
RCP prototype     |      |      |
Anomaly detection |      |      |
Policy manager    |      |      |
Secure routing    |      |      |
Total cost        |      |      |
