Presentation is loading. Please wait.

Presentation is loading. Please wait.

Slide 1 Vitaly Shmatikov CS 378 Routing Security.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Slide 1 Vitaly Shmatikov CS 378 Routing Security."— Presentation transcript:

1 slide 1 Vitaly Shmatikov CS 378 Routing Security

2 slide 2 Network of Networks uInternet is a network of networks Autonomous system (AS) is a collection of IP networks under control of a single administrator (e.g., ISP) ASes connect through Internet Exchange (IX), Network Access Points (NAP), Metropolitan Area Exchange (MAE) local network Internet service provider (ISP) backbone ISP local network

3 slide 3 Routing Through the Network uIP address is a 32-bit host identifier (IPv4) 128-bit identifier in IPv6 uRouting protocols propagate information about routes to hosts and networks Host is identified by IP address, network by IP prefix uMany types of routing protocols Distance vector, link-state, path vector uBGP (Border Gateway Protocol) is one of the core routing protocols on the Internet Inter-domain routing between different ASes

4 slide 4 Distance-Vector Routing uEach node keeps vector with distances to all nodes uPeriodically sends distance vector to all neighbors uNeighbors send their distance vectors, too; node updates its vector based on received information Bellman-Ford algorithm: for each destination, router picks the neighbor advertising the cheapest route, adds his entry into its own routing table and re-advertises Used in RIP (routing information protocol) uSplit-horizon update Do not advertise a route on an interface from which you learned the route in the first place!

5 slide 5 A: 0A: 1A: 2A: 3A: 4A: 5 11111 G1G2G3G4G5 Good News Travels Fast uG1 advertises route to network A with distance 1 uG2-G5 quickly learn the good news and install the routes to A via G1 in their local routing tables uG1 advertises route to network A with distance 1 uG2-G5 quickly learn the good news and install the routes to A via G1 in their local routing tables

6 slide 6 A: 0A: 1A: 2A: 3A: 4A: 5 1111 G1G2G3G4G5 Bad News Travels Slowly uG1’s link to A goes down uG2 is advertising a pretty good route to G1 (cost=2) uG1’s packets to A are forever looping between G2 and G1 uG1 is now advertising a route to A with cost=3, so G2 updates its own route to A via G1 to have cost=4, and so on G1 and G2 are slowly counting to infinity Split-horizon updates only prevent two-node loops Exchange routing tables

7 slide 7 Overview of BGP uBGP is a path-vector protocol between ASes uJust like distance-vector, but routing updates contain an actual path to destination node List of traversed ASes and a set of network prefixes belonging to the first AS on the list uEach BGP router receives UPDATE messages from neighbors, selects one “best” path for each prefix, and advertises it to the neighbors Can be shortest path, but doesn’t have to be –“Hot-potato” vs. “cold-potato” routing AS doesn’t have to use the path it advertises!

8 slide 8 BGP Example [D. Wetherall] uAS 2 provides transit for AS 7 Traffic to and from AS 7 travels through AS 2 34 6 5 7 1 82 7 7 2 7 3 2 7 6 2 7 2 6 5 3 2 6 5 7 2 6 5 6 5 5 5

9 slide 9 Some BGP Statistics uBGP routing tables contain about 125,000 address prefixes mapping to about 17-18,000 paths uApprox. 10,000 BGP routers uApprox. 2,000 organizations own AS uApprox. 6,000 organizations own prefixes uAverage route length is about 3.7 u50% of routes have length less than 4 ASes u95% of routes have length less than 5 ASes

10 slide 10 BGP Issues uBGP convergence problems Protocol allows policy flexibility Some legal policies prevent convergence Even shortest-path policy converges slowly uIncentive for dishonesty ISP pays for some routes, others free uSecurity problems Potential for disruptive attacks

11 slide 11 Evidence: Asymmetric Routes AliceBob uAlice, Bob use cheapest routes to each other uThese are not always shortest paths uAsymmetic routes are prevalent AS asymmetry in 30% of measured routes Finer-grained asymmetry far more prevalent

12 slide 12 Side Note: TCP Congestion Control uIf packets are lost, assume congestion Reduce transmission rate by half, repeat If loss stops, increase rate very slowly Design assumes routers blindly obey this policy Source Destination

13 slide 13 Protocol Rewards Dishonesty uAmiable Alice yields to boisterous Bob Alice and Bob both experience packet loss Alice backs off Bob disobeys protocol, gets better results Source A Source B Destination

14 slide 14 BGP Threats: Misconfiguration uMisconfiguration: AS advertises good routes to addresses it does not known how to reach Result: packets go into a network “black hole” uApril 25, 1997: “The day the Internet died” AS7007 (Florida Internet Exchange) de-aggregated the full BGP table and re-advertised all prefixes as if it originated paths to them In effect, AS7007 was advertising that it has the best route to every host on the Internet Huge network instability as incorrect routing data propagated and routers crashed under traffic

15 slide 15 BGP Threats: Security uBGP update messages contain no authentication or integrity protection uAttacker may falsify the advertised routes Modify the IP prefixes associated with the route –Can blackhole traffic to certain IP prefixes Change the AS path –Either attract traffic to attacker’s AS, or divert traffic away –Interesting economic incentive: an ISP wants to dump its traffic on other ISPs without routing their traffic in exchange Re-advertise/propagate AS path without permission –For example, multi-homed customer may end up advertising transit capability between two large ISPs

16 slide 16 Protecting BGP uSimple authentication of packet sources and packet integrity is not enough uBefore AS advertises a set of IP addresses, the owner of these addresses must authorize it Goal: verify path origin uEach AS along the path must be authorized by the preceding AS to advertise the prefixes contained in the UPDATE message Goal: verify propagation of the path vector

17 slide 17 S-BGP Protocol [Kent, Lynn, Seo] uAddress attestation Owner of one or more prefixes certifies that the origin AS is authorized to advertise the prefixes Need a public-key infrastructure (PKI) –X.509 certificates prove prefix ownership; owner can then delegate his “prefix advertising rights” to his ISP uRoute attestation Router belonging to an AS certifies (using digital signatures) that the next AS is authorized to propagate this route advertisement to its neighbors Need a separate public-key infrastructure –Certificates prove that AS owns a particular router

18 slide 18 S-BGP Update Message R6R6 R7R7 R8R8 S4S4 S5S5 S1S1 S2S2 S3S3 R9R9 R 10 R 12 AS 1 AS 2 uAn update message from R 9 advertising this route must contain: Ownership certificate certifying that some X owns IP address S 1 Signed statement from X that AS 1 is authorized to advertise S 1 Ownership certificate certifying that AS 1 owns router R 6 –If AS is represented by a router Signed statement from R 6 that AS 2 is authorized to propagate AS 1 ’s routes Ownership certificate certifying that AS 2 owns router R 9 Lots of public-key operations!

19 slide 19 Wormhole Attack on BGP uMultiple colluding malicious BGP routers exchange BGP update messages over a tunneled connection uRouters can claim better paths than actually exist Path vector is not increased by intermediate ASes when update message is tunneled through a “wormhole” uRoute attestation does not help! Malicious routers sign attestations for each other Host H AS4AS3AS2AS1 update I have a great route to H: AS4 - AS1 - H I attest that AS4 is authorized

Download ppt "Slide 1 Vitaly Shmatikov CS 378 Routing Security."

Similar presentations

Karlston D'Emanuele Distance Vector Routing Protocols Notes courtesy of Mr. Joe Cordina Password Removed www.uniunderground.com.

Karlston D'Emanuele Distance Vector Routing Protocols Notes courtesy of Mr. Joe Cordina Password Removed
Mechanism Design and Computer Security John Mitchell Vanessa Teague Stanford University.

Mechanism Design and Computer Security John Mitchell Vanessa Teague Stanford University.
Lecture 9 Overview. Hierarchical Routing scale – with 200 million destinations – can’t store all dests in routing tables! – routing table exchange would.

Lecture 9 Overview. Hierarchical Routing scale – with 200 million destinations – can’t store all dests in routing tables! – routing table exchange would.
© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.

© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.
Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.

Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.
Computer Networks with Internet Technology William Stallings

Computer Networks with Internet Technology William Stallings
Courtesy: Nick McKeown, Stanford

Courtesy: Nick McKeown, Stanford
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 Routing Working at a Small-to-Medium Business or ISP – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 Routing Working at a Small-to-Medium Business or ISP – Chapter 6.
Routing So how does the network layer do its business?

Routing So how does the network layer do its business?
Computer Networking Lecture 10: Inter-Domain Routing

Computer Networking Lecture 10: Inter-Domain Routing
Security & Efficiency in Ad- Hoc Routing Protocol with emphasis on Distance Vector and Link State. Ayo Fakolujo Wichita State University.

Security & Efficiency in Ad- Hoc Routing Protocol with emphasis on Distance Vector and Link State. Ayo Fakolujo Wichita State University.
Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 1 Exterior Gateway Protocols: EGP, BGP-4, CIDR Shivkumar Kalyanaraman Rensselaer Polytechnic Institute.

Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 1 Exterior Gateway Protocols: EGP, BGP-4, CIDR Shivkumar Kalyanaraman Rensselaer Polytechnic Institute.
Routing.

Routing.
14 – Inter/Intra-AS Routing

14 – Inter/Intra-AS Routing
04/05/20011 ecs298k: Routing in General... lecture #2 Dr. S. Felix Wu Computer Science Department University of California, Davis

04/05/20011 ecs298k: Routing in General... lecture #2 Dr. S. Felix Wu Computer Science Department University of California, Davis
Announcement r Project 2 Extension ? m Previous grade allocation: Projects 40% –Web client/server7% –TCP stack21% –IP routing12% Midterm 20% Final 20%

Announcement r Project 2 Extension ? m Previous grade allocation: Projects 40% –Web client/server7% –TCP stack21% –IP routing12% Midterm 20% Final 20%
1 Autonomous Systems An autonomous system is a region of the Internet that is administered by a single entity. Examples of autonomous regions are: UVA’s.

1 Autonomous Systems An autonomous system is a region of the Internet that is administered by a single entity. Examples of autonomous regions are: UVA’s.
CS 4700 / CS 5700 Network Fundamentals Lecture 9: Intra Domain Routing Revised 7/30/13.

CS 4700 / CS 5700 Network Fundamentals Lecture 9: Intra Domain Routing Revised 7/30/13.
1 ECE453 – Introduction to Computer Networks Lecture 10 – Network Layer (Routing II)

1 ECE453 – Introduction to Computer Networks Lecture 10 – Network Layer (Routing II)

Similar presentations

Ads by Google