Finding Vulnerable Network Gadgets in the Internet Topology
Author: Nir Amar
Supervisor: Dr. Gabi Nakibly


1 Finding Vulnerable Network Gadgets in the Internet Topology
Author: Nir Amar
Supervisor: Dr. Gabi Nakibly

2 Background
- The Internet is composed of some 50,000 autonomous systems (ASes).
- An AS is a collection of networks and routers administered by a single authority, e.g., an ISP, a large corporation or a university.
- Routing between the different ASes is done using a protocol called BGP.

3 BGP and Relationships

4 Import, Routing and Export policies
- Upon receiving a route update for a given set of subnets, an AS needs to decide whether to accept this update (import policy).
- If the update is accepted, it needs to decide whether to use the proposed route (routing policy).
- If this path is chosen for routing, it needs to determine whether to propagate the update to the neighboring ASes (export policy).

5 How Secure are Secure Interdomain Routing Protocols?
- Authors
  - Sharon Goldberg, Michael Schapira, Peter Hummon and Jennifer Rexford.
- Intuition – Shortest Path, Export All
- Counter-Intuitive Attacks
  - Attract More by Announcing Longer Paths
  - Attract More by Exporting to Fewer Neighbors

6 Goal

7 Attacking BGP
- BGP Attacks Classification
  - Attraction – attract traffic.
  - Interception – eavesdrop or tamper with traffic before forwarding it on to the legitimate destination.
- Quantifying the impact of attacks
  - Attraction – Shortest Path, Export All
  - Interception – Shortest Path, Export All, with Connectivity.
[Figure labels: Src, Middle, Dst]
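To make the three policy stages from slide 4 and the "quantifying the impact" idea from slide 7 concrete, the following added example (not code from the presentation or its tool) propagates routes over a small constructed topology and counts the ASes whose chosen path passes through a given AS. It assumes the common customer/peer/provider preference and export model, and models "Shortest Path, Export All" as an AS announcing a direct path to the destination to every neighbor; the AS numbers 1-7 and all function names are made up for illustration.

```python
# Constructed toy topology; AS numbers 1-7 are made up, not taken from the slides.
P2C = [(1, 3), (1, 4), (2, 5), (2, 6), (3, 7)]    # (provider, customer) links
PEERS = [(1, 2), (4, 5)]                          # peer-to-peer links
PREF = {"customer": 0, "peer": 1, "provider": 2}  # lower value = preferred

def build(p2c, peers):
    rel = {}  # rel[a][b] = what neighbor b is to a
    for p, c in p2c:
        rel.setdefault(p, {})[c] = "customer"
        rel.setdefault(c, {})[p] = "provider"
    for a, b in peers:
        rel.setdefault(a, {})[b] = "peer"
        rel.setdefault(b, {})[a] = "peer"
    return rel

def exports(rel, u, path, to, fixed):
    """Export policy (assumed model): customer-learned routes go to everyone,
    other routes only to customers. ASes in `fixed` announce to all neighbors."""
    if u in fixed:
        return True
    return rel[u][path[1]] == "customer" or rel[u][to] == "customer"

def simulate(rel, fixed):
    """fixed maps an AS to the path it announces unconditionally
    (the real origin, plus any AS whose announcement is being evaluated)."""
    best = dict(fixed)
    changed = True
    while changed:                                 # iterate to a fixed point
        changed = False
        for u in rel:
            if u in fixed:
                continue
            cands = []
            for v, kind in rel[u].items():
                p = best.get(v)
                # Import policy: drop looping paths and routes v would not export.
                if p and u not in p and exports(rel, v, p, u, fixed):
                    # Routing policy: relationship, then length, then lowest AS.
                    cands.append((PREF[kind], len(p), v, (u,) + p))
            new = min(cands)[3] if cands else None
            if new != best.get(u):
                best[u], changed = new, True
    return best

REL = build(P2C, PEERS)

def attracted_by(m, dst=7):
    """ASes whose chosen route to dst traverses m when m announces (m, dst)."""
    best = simulate(REL, {dst: (dst,), m: (m, dst)})
    return sorted(u for u, p in best.items() if p and m in p and u != m)
```

On this topology AS 1 keeps its customer route in both cases, which shows that local preference, not path length alone, decides how far a bogus announcement spreads.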

8 Overall Sequence
- User parameters: Topology and Attack
- Simulate BGP using the SW model
- Assert (Non-deterministic Attack < Intuitive Attack)
- ExpiSat
- Counter-intuitive attack

9 Findings and Results

10 Topology Generation
- Time and memory consuming
- Two non-deterministic decisions:
  - How many ASes are in the topology?
  - What is the relation between each pair of ASes?
- Characteristics for reducing topology size

11 Topology Generation – Example
[Figure: topology diagram; labels 702, 13030, 43284, 6757, 432, 654, 236, 756]

12 Interception Attack – Intuitive
[Figure: topology diagram; labels 702, 13030, 43284, 6757, 432, 654, 236, 756]

13 Interception Attack – Counter-Intuitive
[Figure: topology diagram; labels 702, 13030, 43284, 6757, 432, 654, 236, 756]

14 Attack Generation – Interception Attack On Non-Deterministic Topology
[Figure: topology diagram; labels 702, 13030, 43284, 6757, 432, 654, 236, 756]

15 Attraction Attack – Intuitive
[Figure: topology diagram; labels 702, 13030, 43284, 6757, 432, 654, 236, 756]

16 Note
The topology and the attack creation are unrelated!
- The user may have a specific topology on which he wants to find a counter-intuitive attack. The software allows this.
- Likewise, the user may have a specific attack (for example, the shortest-path-export-all attack) that he would like to test on several topologies.

17 Conclusion
- Generating non-deterministic attacks.
- Find gadgets and appropriate "smart / counter-intuitive" attacks using a software verification tool.
- Generating non-deterministic topologies.
- Succeeded in generating topologies (up to size 5-6) within my memory constraints,

18 The End.

