Presentation is loading. Please wait.

Presentation is loading. Please wait.

How Secure are Secure Inter- Domain Routing Protocols? SIGCOMM 2010 Presenter: kcir.

Published byCecil Lambert Logan Modified over 9 years ago

Similar presentations

Presentation on theme: "How Secure are Secure Inter- Domain Routing Protocols? SIGCOMM 2010 Presenter: kcir."— Presentation transcript:

1 How Secure are Secure Inter- Domain Routing Protocols? SIGCOMM 2010 Presenter: kcir

2 Main Purpose Think like a normal node: Security analysis of nowadays inter-domain routing protocols Think like a malicious node: Strategy and impact analysis of 1) attraction and 2) interception attacks.

3 Some Preliminaries AS (Autonomous System) Collection of connected IP prefixes under the control of one or more network operators that presents a common, clearly defined routing policy to the Internet. BGP (Broadcast Gateway Protocol) Protocol used by ASes to find and announce paths.

4 I have 140.112.xx x.xxx I know a path towards 140.112.xxx. xxx 140.112. 123.45

5 Outline Modeling BGP Protocols Attraction Attack Interception Attack Finding the Optimal Attack Conclusion

6 Outline Modeling - Inter-domain routing - Routing policies - Threat Models BGP Protocols Attraction Attack Interception Attack Finding the Optimal Attack Conclusion

7 Inter-Domain Routing Graph Dataset: Real world AS topologies measurement Graph is relative static to protocol execution. Nodes Routing policy 1: Path ranking Routing policy 2: Export policy Edges Customer-Provider link Peer-to-peer link

8 Routing Policy Policies are different from ASes, but there are some global iron rules. Path Ranking 1.Loop avoiding 2.Local preference: customer > peer > provider 3.Shortest path 4.Tie break

9 Routing Policy Export Policy -AS should only be willing to load his own network with transit traffic if he gets paid to do so. -AS b will only announce a path via AS c to AS a if at least one of a and c are customers of b.

10 Threat Models Single manipulator, single victim Attraction attack Interception attack (attraction attack without ‘blackhole’ effect) Quantifying the impact of attack Fraction of traffic attracted to the manipulator.

11 Outline Modeling BGP Protocols - BGP - Origin Authentication - soBGP - S-BGP - Defensive filtering Attraction Attack Interception Attack Finding the Optimal Attack Conclusion

12 BGP Broadcast Gateway Protocol No validating, just naively trusts every information. Attack: Prefix hijack Impact: 75% traffic attracted.

13 Origin Authentication Requires a trusted database to guarantee the righteousness of prefix owning. Blunt hijackers. Only guarantee the ‘origin,’ i.e. the end node of a path. Attack: false path announcement Impact: 25% traffic attracted.

14 soBGP Secure Origin BGP Requires a trusted database to guarantee that the path physically exists. Attack: announce paths that do not obey the preference (customer > peer > provider.) Impact: 10% traffic attracted.

15 S-BGP Secure BGP Using cryptographic signatures to guarantee that the path is righteously announced. Attack: announce paths that do not obey the business model. (Announce a shorter, expensive provider path, while actually forwarding traffic on the cheaper, longer customer path.) Impact: 1.7% traffic attracted.

16 Defensive Filtering This is not a protocol but rather a policy. Stub AS: AS that does not have any customers. Defensive filtering = Blocking stub announcements The usefulness of this policy will be shown later.

17 Outline Modeling BGP Protocols Attraction Attack - Strategy - Performance - Possible effecting factors Interception Attack Finding the Optimal Attack Conclusion

18 Strategy “Shortest-Path Export-All” Announce the shortest path that will not be detected as bogus. Exports the paths to every neighbor.

19 Performance DF is crucial (85% ASes are stubs) BGP: uniform dist. soBGP & S-BGP: identical. Probability Fraction of Attraction P(Finding shorter path)

20 Possible Effecting Factors Path length Export policy Shortest-All vs. Normal-All Normal-All vs. Normal-Normal Export policy dominates path length. Probability S-BGP

21 Outline Modeling BGP Protocols Attraction Attack Interception Attack - Avoiding blackhole effect - Strategy - Performance Finding the Optimal Attack Conclusion

22 Avoiding Blackhole Effect blackhole

23 Avoiding Blackhole Effect Taking the “Shortest -path, Export-all” strategy. Tier 1 AS: > 250 customers Tier 2 AS: > 25 customers The probabilities of blackhole effect on different types of manipulators are different. The result is supported by [Gao01]

24 Strategy “Shortest-Available-path, Export-all” Mimicking soBGP and S-BGP to only announce available paths. “Hybrid Interception“ 1.Run “Shortest-path, Export-all” 2.Check if an available path exists, if yes, announce; if no, continue. 3.Run “Shortest-Available-path, Export-all”

25 Performance Announce All: ignore blackhole effect. Hybrid Interception: > 10% attracted for more than half chance!

26 Outline Modeling BGP Protocols Attraction Attack Interception Attack Finding the Optimal Attack Strategy - Longer path announcement - Export to fewer neighbors - Exploiting loop detection - Finding the optimal attack is NP-Hard Conclusion

27 Finding The Optimal Attack Strategy So far, the strategies we introduced (for both attraction and interception attack) are still far from optimal but rather heuristic guesses. For some cases, strategies that are against our intuition may have more severe impact. -Longer path announcement -Fewer exporting -Exploiting the loop detection mechanism

28 Longer Path Announcement soBGP, S-BGP running Short: (m,a1,v,Prefix); Long: (m,a2,a3,v,Prefix) Customer edge is more preferred than peer 16% attraction -> 56% Short Long

29 Export to Fewer Neighbors soBGP, S-BGP running All: T1a,T2a,T2,v; Fewer: T1a,T2a,T2,v Forcing T2 to detour, making it unpopular. 40% attraction -> 50% Export All Export fewer

30 Exploiting Loop Detection BGP running (hijacking) Normal: (m,Prefix); Loop: (m,a2,Prefix) Paralyzing a2-a1, making T1a more popular. 32010 attractions -> 32370 Normal Loop

31 Finding The Optimal Attack is NP-Hard [Goldberg10] and [Gao01] Sketch of proof The ‘DILEMMA’ pattern

32 Outline Modeling BGP Protocols Attraction Attack Interception Attack Finding the Optimal Attack Conclusion

33 Nowadays BGPs are still not capable with dealing Inter-domain traffic attacks. - Hard to detect - Hard to define This work only provides lower bounds of the impacts of attack, which is already concerning enough. The complexity of finding the optimal attack strategy is proofed to be NP-hard, which means that the competition between manipulators and defenders may never ends.

Download ppt "How Secure are Secure Inter- Domain Routing Protocols? SIGCOMM 2010 Presenter: kcir."

Similar presentations

A Threat Model for BGPSEC

A Threat Model for BGPSEC
A Threat Model for BGPSEC Steve Kent BBN Technologies.

A Threat Model for BGPSEC Steve Kent BBN Technologies.
COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.

COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.
How Secure are Secure Interdomain Routing Protocols? B96209044 大氣四 鍾岳霖 B97703099 財金三 婁瀚升 1.

How Secure are Secure Interdomain Routing Protocols? B 大氣四 鍾岳霖 B 財金三 婁瀚升 1.
1 Robert Lychev Sharon GoldbergMichael Schapira Georgia Tech Boston University Hebrew University.

1 Robert Lychev Sharon GoldbergMichael Schapira Georgia Tech Boston University Hebrew University.
1 Robert Lychev Sharon GoldbergMichael Schapira Georgia Tech Boston University Hebrew University.

1 Robert Lychev Sharon GoldbergMichael Schapira Georgia Tech Boston University Hebrew University.
Sign What You Really Care About - $ecure BGP AS Paths Efficiently Yang Xiang Zhiliang Wang Jianping Wu Xingang Shi Xia Yin Tsinghua University, Beijing.

Sign What You Really Care About - $ecure BGP AS Paths Efficiently Yang Xiang Zhiliang Wang Jianping Wu Xingang Shi Xia Yin Tsinghua University, Beijing.
Martin Suchara in collaboration with I. Avramopoulos and J. Rexford How Small Groups Can Secure Interdomain Routing.

Martin Suchara in collaboration with I. Avramopoulos and J. Rexford How Small Groups Can Secure Interdomain Routing.
Network Layer: Internet-Wide Routing & BGP Dina Katabi & Sam Madden.

Network Layer: Internet-Wide Routing & BGP Dina Katabi & Sam Madden.
CS540/TE630 Computer Network Architecture Spring 2009 Tu/Th 10:30am-Noon Sue Moon.

CS540/TE630 Computer Network Architecture Spring 2009 Tu/Th 10:30am-Noon Sue Moon.
© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.

© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.
Availability Centric Routing (ACR) Robust Interdomain Routing Without BGP Security July 25 th, 2006.

Availability Centric Routing (ACR) Robust Interdomain Routing Without BGP Security July 25 th, 2006.
Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.

Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.
Let the Market Drive Deployment A Strategy for Transitioning to BGP Security Phillipa Gill University of Toronto Sharon Goldberg Boston University Michael.

Let the Market Drive Deployment A Strategy for Transitioning to BGP Security Phillipa Gill University of Toronto Sharon Goldberg Boston University Michael.
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
By Hitesh Ballani, Paul Francis, Xinyang Zhang Slides by Benson Luk for CS 217B.

By Hitesh Ballani, Paul Francis, Xinyang Zhang Slides by Benson Luk for CS 217B.
Part II: Inter-domain Routing Policies. March 8, 20042 What is routing policy? ISP1 ISP4ISP3 Cust1Cust2 ISP2 traffic Connectivity DOES NOT imply reachability!

Part II: Inter-domain Routing Policies. March 8, What is routing policy? ISP1 ISP4ISP3 Cust1Cust2 ISP2 traffic Connectivity DOES NOT imply reachability!
1 Towards Secure Interdomain Routing For Dr. Aggarwal 60-592 Win 2004.

1 Towards Secure Interdomain Routing For Dr. Aggarwal Win 2004.
Interdomain Routing Security COS 461: Computer Networks Michael Schapira.

Interdomain Routing Security COS 461: Computer Networks Michael Schapira.
1 Tutorial 5 Safe “Peering Backup” Routing With BGP Based on:

1 Tutorial 5 Safe “Peering Backup” Routing With BGP Based on:

Similar presentations

Ads by Google