Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Structure Preserving Anonymization of Router Configuration Data David A. Maltz, Jibin Zhan, Geoffrey Xie, Hui Zhang Carnegie Mellon University Gisli.

Published byBlaze Shelton Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Structure Preserving Anonymization of Router Configuration Data David A. Maltz, Jibin Zhan, Geoffrey Xie, Hui Zhang Carnegie Mellon University Gisli."— Presentation transcript:

1 1 Structure Preserving Anonymization of Router Configuration Data David A. Maltz, Jibin Zhan, Geoffrey Xie, Hui Zhang Carnegie Mellon University Gisli Hjalmtysson, Albert Greenberg, Jennifer Rexford ATT Labs Research

2 2 Why Configuration Files are Valuable Configuration file = program loaded on each router Controls operation of router Controls interactions between routers Configuration files allow researchers to study of the details of real networks The problem is getting access to them We have developed a technique for anonymizing configuration files We have a proposal for how configs could be made accessible to the research community

3 3 Why Configuration Files are Valuable - 2 The set of configurations defines the network Captures many of the network’s properties –Topology (node degree, interconnectivity) –Policies (CoS, QoS, packet filters, reachability) –Routing (neighbors, OSPF weights, BGP policies) –Security (vulnerabilities, mitigations) Only source of insight for Enterprise networks 10K+ networks that are currently a mystery Interesting! 10 – 1200 routers, global scale Configs are the only way to look at them –Networks firewalled, external probes dropped

4 4 Topology Router 1 ConfigRouter 2 Config Internet interface Serial2/1.5 ip address 1.1.1.2/30 interface Serial1/0.5 ip address 1.1.1.1/30

5 5 Quality of Service class-map GoodCustomer match access-group 136 policy-map GoldService class GoodCustomer bandwidth 2000 queue-limit 40 class class-default fair-queue 16 queue-limit 20 interface Serial0/0 service-policy output GoldService CB-WFQ policy name CB-WFQ parameters Class definition

6 6 Routing router bgp 65501 neighbor EdgeSwitch peer-group neighbor EdgeSwitch remote-as 64740 neighbor EdgeSwitch distribute-list 11 in neighbor EdgeSwitch route-map exportRoutes out neighbor 192.168.96.8 peer-group EdgeSwitch neighbor 192.168.96.9 peer-group EdgeSwitch neighbor 10.217.248.14 remote-as 65500 neighbor 10.217.248.14 ebgp-multihop 5 AS Numbers Policies Peers

7 7 Security Issues access-list 143 deny 53 any any access-list 143 deny 55 any any access-list 143 deny 77 any any access-list 143 permit ip any any interface Serial0.2 multipoint ip access-group 143 in ip address 66.248.162.13 255.255.255.224 interface Ethernet0 ip address 144.201.41.59 255.255.255.0 Access list 143: Drops packets that can attack Cisco interfaces This interface is safe This interface is not

8 8 How to Get Configuration Files? Considered proprietary secrets of network owners Discloses business strategy Discloses vulnerabilities Anonymization breaks tie between data and owner Anonymized configs will show some network is vulnerable, but which/where to attack? We developed method for anonymizing configuration files Approach convinced some customers of ATT to disclose their configs to CMU researchers

9 9 Anonymization Challenges We don’t know the intended use of the data Must anonymize entire configuration file A customized data set is easier to anonymize Must preserve structure of information in files Relationships of identifiers inside/between files IP address subnet relationships Traditional parsing tools are of no use No published grammar for Cisco IOS 200+ different versions seen in 31 networks

10 10 Anonymize Non-numeric Tokens Created “pass list” of words by string-scraping Cisco’s web pages Contains most IOS commands Other words are generic networking terms (“IETF”) All tokens not in pass list are hashed with salted SHA1 router bgp 64780 redistribute ospf 64 match route-map NYOffice neighbor 1.2.3.4 remote-as 701 route-map NYOffice deny 10 match ip address 4 router bgp 64780 redistribute ospf 64 match route-map 8aTzlvBrbaW neighbor 66.253.160.68 remote-as 701 route-map 8aTzlvBrbaW deny 10 match ip address 4

11 11 Anonymize Specific Numbers Most numbers are harmless, some reveal identity Public AS numbers Phone numbers (NOCs, backup modems) 26 rules used to find and anonymize context-dependent items "neighbor\\s+$ipAddrPatt\\s+remote-as" " neighbor\s+\w+\s+remote-as " router bgp 64780 redistribute ospf 64 match route-map NYOffice neighbor 1.2.3.4 remote-as 701 route-map NYOffice deny 10 match ip address 4 router bgp 64780 redistribute ospf 64 match route-map 8aTzlvBrbaW neighbor 66.253.160.68 remote-as 1237 route-map 8aTzlvBrbaW deny 10 match ip address 4

12 12 Limits of Anonymization Anonymization is a lossy process Comments & meaningful identifiers removed (Were they right anyway???) Anonymizer preserves relationships it knows about Doesn’t know about IP addr ASN mapping A packet filter, based on IP address, and route policy, based on ASN, could target same AS Post-anonymization: both mechanisms preserved, but won’t show them targeting same AS (Router didn’t have that external information either)

13 13 Potential Vulnerabilities: Textual Attacks Identifying information left in configs Heuristics used as double-check Rules that anonymize public AS numbers record the public AS numbers they find Search post-anonymization file for any remaining occurrences

14 14 Potential Vulnerabilities: Fingerprinting Attacks Network characteristics (fingerprint) extracted from anonymized configs matched against public data Potential fingerprints BGP community strings Number of POPs, number of BGP peers Structure of address space utilization Others… Evaluation still in progress Seems like backbone networks are identifiable Seems like enterprise networks are not

15 15 A Clearinghouse for Configuration Data Website enforcing single-blind methodology Network owners Researchers Retrieve Anonymizer Anonymize & test configs Upload configs Run tools on site: Scalable, pictures Register with site Retrieve configs Analyze data Questions Results Blinded email Questions Results Blinded email Boot-strap with configs from academic/research institutions?

16 16 Questions?

17 17 Fingerprinting Attacks 1. For each anonymized network, compute fingerprint from anonymized config files Will be 100% accurate 2. Experimentally measure real networks BGP Peers per POP POPs (sorted by peers/POP) Data from networks in repository of anonymized configs

18 18 Fingerprinting Attacks Evaluation still in progress Seems like backbone networks are identifiable Seems like enterprise networks are not BGP Peers per POP POPs (sorted by peers/POP) Measured network characteristics

19 19 Anonymize Regular Expressions Some AS numbers appear in regular expressions Expressions w/ only private AS numbers ! no change Expressions w/ public AS numbers ! expand and anonymize ip as-path access-list 101 permit _70 [1-3]_ 1234, 543, 21 ip as-path access-list 101 permit _(1234|543|21)_ ip as-path access-list 99 permit _6451[2-9]_ 64512, 64513, … 64519 ip as-path access-list 99 permit _6451[2-9]_ Anonymize 701, 702, 703

20 20 Anonymize IP Addresses Extended Minshall’s prefix-preserving algorithm Made it class preserving Class A to Class A, etc. –RIP and older protocols are class-full Made it “subnet address” preserving Assume 128.2.0.0/16 is subnet We want 128.2.0.0 ! 150.7.0.0 Before extension, 128.2.0.0 ! 150.7.43.66

21 21 Anonymize IP Addresses - 2 Made it “special address” preserving Multicast, private address space Must fix collisions in mapping function IP Addr Special? Anonymize Y N Special? Y N

22 22 Anonymization Overview Minimize dependence on context If in-doubt, hash it out 1.Remove all comments 2.Find all IP addresses and hash using specialized prefix-preserving anonymization 3.Hash all non-numeric tokens not known to be safe 4.Anonymize specific numeric tokens using regular expressions 5.Anonymize regular expressions appearing in configs

23 23 Why Configuration Files are Valuable Configuration file = program loaded on each router Controls operation of router Controls interactions between routers The set of configurations defines the network Captures many of the network’s properties Policies, topology, routing, feature set Configs give insight on Enterprise networks These networks are currently a mystery Interesting things happen there Configs are the only way to look at them –Networks firewalled, with external probes dropped Configs allow study of the details of real networks

24 24 Anonymization Overview Minimize dependence on context If in-doubt, hash it out Use regular expressions to establish context when needed – examples: Remove all comments Anonymize public AS numbers (ASN)

25 25 Anonymize IP Addresses Extended Minshall’s prefix-preserving algorithm Made it class preserving Class A to Class A, etc. –RIP and older protocols are class-full Made it “subnet address” preserving If 128.2.0.0/16 is subnet, want 128.2.0.0 ! 150.7.0.0 Before extension, 128.2.0.0 ! 150.7.43.66 Made it “special address” preserving Multicast, private address space Must fix collisions in mapping function

Download ppt "1 Structure Preserving Anonymization of Router Configuration Data David A. Maltz, Jibin Zhan, Geoffrey Xie, Hui Zhang Carnegie Mellon University Gisli."

Similar presentations

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—5-1 MPLS VPN Implementation Configuring BGP as the Routing Protocol Between PE and CE Routers.

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—5-1 MPLS VPN Implementation Configuring BGP as the Routing Protocol Between PE and CE Routers.
Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:

Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 9: Access Control Lists Routing & Switching.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 9: Access Control Lists Routing & Switching.
Basic IP Traffic Management with Access Lists

Basic IP Traffic Management with Access Lists
1 Copyright  1999, Cisco Systems, Inc. Module10.ppt10/7/1999 8:27 AM BGP — Border Gateway Protocol Routing Protocol used between AS’s Currently Version.

1 Copyright  1999, Cisco Systems, Inc. Module10.ppt10/7/1999 8:27 AM BGP — Border Gateway Protocol Routing Protocol used between AS’s Currently Version.
Middleware for Building Adaptive Systems Via Configuration An SAIC Company S. Narain R. Vaidyanathan S. Moyer A. Shareef K. Parmeswaran Internet Architecture.

Middleware for Building Adaptive Systems Via Configuration An SAIC Company S. Narain R. Vaidyanathan S. Moyer A. Shareef K. Parmeswaran Internet Architecture.
© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 4 – Implementing Firewall Technologies.

© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 4 – Implementing Firewall Technologies.
Policy Based Routing using ACL & Route Map By Group 7 Nischal (304360958) Pranali (304378534)

Policy Based Routing using ACL & Route Map By Group 7 Nischal ( ) Pranali ( )
1 Problems and Solutions in Enterprise Network Control: Motivations for a 4D Architecture David A. Maltz Microsoft Research Joint work with Albert Greenberg,

1 Problems and Solutions in Enterprise Network Control: Motivations for a 4D Architecture David A. Maltz Microsoft Research Joint work with Albert Greenberg,
Network Monitoring for Internet Traffic Engineering Jennifer Rexford AT&T Labs – Research Florham Park, NJ 07932

Network Monitoring for Internet Traffic Engineering Jennifer Rexford AT&T Labs – Research Florham Park, NJ 07932
© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—5-1 Implementing Path Control Assessing Path Control Network Performance Issues.

© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—5-1 Implementing Path Control Assessing Path Control Network Performance Issues.
© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—4-1 Implement an IPv4-Based Redistribution Solution Assessing Network Routing Performance and.

© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—4-1 Implement an IPv4-Based Redistribution Solution Assessing Network Routing Performance and.
1 Network-wide Decision Making: Toward a Wafer-thin Control Plane Jennifer Rexford, Albert Greenberg, Gisli Hjalmtysson ATT Labs Research David A. Maltz,

1 Network-wide Decision Making: Toward a Wafer-thin Control Plane Jennifer Rexford, Albert Greenberg, Gisli Hjalmtysson ATT Labs Research David A. Maltz,
IP Network Configuration for Traffic Engineering Anja Feldmann Jennifer Rexford AT&T Labs - Research Presented by Zihui Ge 11/21/2000.

IP Network Configuration for Traffic Engineering Anja Feldmann Jennifer Rexford AT&T Labs - Research Presented by Zihui Ge 11/21/2000.
Enterprise Network Security Accessing the WAN Lecture week 4.

Enterprise Network Security Accessing the WAN Lecture week 4.
Implementing Standard and Extended Access Control List (ACL) in Cisco Routers.

Implementing Standard and Extended Access Control List (ACL) in Cisco Routers.
The Cisco ACL. 1.The Cisco ACL is simply a means to filter traffic that crosses your router. 2.It has two major syntax types numbered and named lists.

The Cisco ACL. 1.The Cisco ACL is simply a means to filter traffic that crosses your router. 2.It has two major syntax types numbered and named lists.
Theophilus Benson Aditya Akella David A Maltz

Theophilus Benson Aditya Akella David A Maltz
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.

1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.
Routing. A world without networks and routing  No connection between offices, people and applications  Worldwide chaos because of the lack of centralized.

Routing. A world without networks and routing  No connection between offices, people and applications  Worldwide chaos because of the lack of centralized.

Similar presentations

Ads by Google