Known Threats to Routing Protocols
Dennis Beard & Yi Yang. Presented by Marc DesRosiers, November 2002.



  1. Known Threats to Routing Protocols
  Dennis Beard & Yi Yang. Presented by Marc DesRosiers, November 2002.

  2. Outline
  • Threat Model
    • Sources
    • Actions
    • Consequences
  • Work to Date
    • Generally Identifiable Threat Actions
    • Multicast Routing Threat Actions
  • Work in Progress
    • Threat Actions against Control Planes
    • Other Specific Threat Actions

  3. Threat definition
  “A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.” (Robert Shirey, RFC 2828: Internet Security Glossary)
  The RFC definitions are the basis for the expression of our model.

  4. Threat Model

  5. Threat Model - Sources
  Intruders, or malicious programs launched by the intruder:
  • Compromised / subverted links
  • Compromised / subverted routers
  • Masquerading routers (illegitimately assume an identity / role)
  • Unauthorized devices
  * A router may play multiple roles simultaneously

  6. Threat Model - Actions
  Attacks and other intentional malicious actions against the routing protocols
  • Address proper protocol design to mitigate threats
  • Need to identify the external factors the protocol should protect against
  • Deliberate exposure
  • Sniffing / wiretapping
  • Traffic analysis
  • Spoofing
  • Falsification
  • Interference
  • Overload
  * An attacker may launch multiple actions simultaneously

  7. Threat Model - Consequences
  Compromises and the damage done by the malicious actions
  • Zones (impact to router(s), Autonomous System(s), Global)
  • Period (shorter than, equal to, or longer than the threat action duration)
  • Disclosure
    • Unauthorized access to routing info
  • Deception
    • Belief in false routing info
  • Disruption
    • Operation degradation or interruption
  • Usurpation
    • Control / modification of legitimate router services / functions
  * An action may cause multiple consequences

  8. Work to Date – Generally Identifiable Threat Actions
  • Deliberate Exposure
    • Intentional release of routing information
  • Sniffing
    • Monitor routing exchanges between legitimate routers
  • Traffic Analysis
    • Indirect access to routing info gained by monitoring data traffic
  • Spoofing
    • Assume another's identity
  • Falsification
    • Declare invalid routing information
  • Interference
    • Impact routing exchanges
  • Overload
    • Place excessive burdens

  9. Deliberate Exposure
  • Intentional release of routing information to unauthorized devices
  • Sources: all attackers
  • Consequence: Disclosure

  10. Sniffing / Wiretapping
  • Monitor / record routing information
  • Sources: compromised / subverted links
  • Consequence: Disclosure

  11. Traffic Analysis
  • Analyze data traffic to learn routing information
  • Sources: compromised / subverted links
  • Consequence: Disclosure

  12. Spoofing
  • Illegally assumes a legitimate router's identity
  • Sources: all attackers
  • Attackers become masquerading routers after a successful spoof
  • Consequences:
    • Deception (of the peer relationship)
    • Disclosure (of routing information)

  13. Falsification
  • Make and distribute invalid routing information
  • Sources:
    • Originator: all attackers except compromised / subverted links
    • Forwarder: all attackers
  • Consequences:
    • Deception
    • Usurpation
    • Disruption

  14. Interference
  • Inhibit routing exchanges
  • Sources: all attackers
  • Consequence: Disruption

  15. Overload
  • Place an excessive burden on the router or protocol
  • Sources: all attackers
  • Consequence: Disruption
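The standard mitigation for the Overload action is to police control-plane traffic per neighbor so that one flooding peer cannot exhaust the protocol process. The following token-bucket policer is an added example written for this page; it is not code from the slides or from any router vendor, and the rate, burst size, neighbor names and message stream are all constructed for illustration.

```python
import collections

# Added example: per-neighbor token-bucket policing of routing-protocol
# control messages (the "Overload" mitigation). Rate, burst, neighbor names
# and the sample stream are constructed; no real router's implementation.


class ControlPlanePolicer:
    """Admit at most `burst` messages instantly and `rate` messages per second
    sustained, tracked separately per neighbor so a noisy peer cannot starve
    the others."""

    def __init__(self, rate, burst):
        self.rate = float(rate)
        self.burst = float(burst)
        self.tokens = {}                       # neighbor -> available tokens
        self.last = {}                         # neighbor -> time of last refill
        self.dropped = collections.Counter()   # neighbor -> drop count (feed to alerting)

    def admit(self, neighbor, now):
        """Return True if a message from `neighbor` at time `now` is accepted."""
        tokens = self.tokens.get(neighbor, self.burst)
        elapsed = now - self.last.get(neighbor, now)
        tokens = min(self.burst, tokens + elapsed * self.rate)   # refill since last message
        self.last[neighbor] = now
        if tokens >= 1.0:
            self.tokens[neighbor] = tokens - 1.0
            return True
        self.tokens[neighbor] = tokens
        self.dropped[neighbor] += 1
        return False


def police(messages, rate=2, burst=5):
    """Run a stream of (time, neighbor) control messages through the policer and
    return (admitted count per neighbor, dropped count per neighbor)."""
    policer = ControlPlanePolicer(rate, burst)
    admitted = collections.Counter()
    for t, neighbor in messages:
        if policer.admit(neighbor, t):
            admitted[neighbor] += 1
    return dict(admitted), dict(policer.dropped)


# Constructed stream: R1 sends 8 messages at t=0 and 4 more at t=1 while R2
# sends one message per second. With burst=5 and rate=2/s, R1 gets 5 + 2
# admitted and 3 + 2 dropped; R2 is never affected by R1's flood.
SAMPLE = [(0.0, "R1")] * 8 + [(0.0, "R2")] + [(1.0, "R1")] * 4 + [(1.0, "R2")]

if __name__ == "__main__":
    print(police(SAMPLE))
```

The per-neighbor drop counter is the detection signal: a neighbor that is repeatedly policed is either misbehaving or compromised, and that is worth an alert rather than silent discard.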

  16. Work to Date - Multicast Threat Actions
  • Introduction of misleading route information via non-existent (black hole) or incorrect routes is a key multicast routing vulnerability
  • Multicast routing protocols are at least as susceptible as unicast. Updates can be:
    • Fabricated
    • Modified
    • Replayed
    • Deleted
    • Snooped
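Four of the five update manipulations listed above (fabricated, modified, replayed, deleted) can be detected at the receiver with origin authentication, integrity protection and a monotonically increasing sequence number, which is also the usual defence against the Spoofing and Falsification actions on the earlier slides. The receiver below is an added example written for this page, not code from the slides or from any routing protocol implementation: the message layout, the pre-provisioned per-neighbor shared keys and the router names are constructed, and the tag is an HMAC-SHA256 over the whole update body.

```python
import hashlib
import hmac
import json

# Added example: authenticated, replay-protected routing updates. The message
# format, keys and router names are constructed for illustration; this is not
# any real protocol's wire format.


def sign_update(key, origin, seq, routes):
    """Build an update whose HMAC tag covers origin, sequence number and routes."""
    body = json.dumps({"origin": origin, "seq": seq, "routes": routes}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class UpdateReceiver:
    """Accepts updates only from known origins, with a valid tag and a fresh
    sequence number; flags sequence gaps that may indicate deleted updates."""

    def __init__(self, neighbor_keys):
        self.keys = neighbor_keys   # origin -> shared key (assumed provisioned out of band)
        self.last_seq = {}          # origin -> highest accepted sequence number
        self.rib = {}               # prefix -> next hop, updated only on accept

    def accept(self, msg):
        """Return (status, reason). Only 'accept' changes the RIB."""
        body = msg["body"]
        try:
            fields = json.loads(body)
            origin, seq, routes = fields["origin"], fields["seq"], fields["routes"]
        except (ValueError, KeyError, TypeError):
            return ("reject", "malformed")
        key = self.keys.get(origin)
        if key is None:
            return ("reject", "unknown origin")    # fabricated / unauthorized device
        expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return ("reject", "bad tag")           # modified in transit or spoofed origin
        last = self.last_seq.get(origin, 0)
        if seq <= last:
            return ("reject", "stale or replayed")
        self.last_seq[origin] = seq
        self.rib.update(routes)
        if seq != last + 1:
            return ("accept", "gap of %d" % (seq - last - 1))   # updates possibly deleted
        return ("accept", "ok")


def demo():
    """Walk one receiver through the fabricated / modified / replayed / deleted cases."""
    key = b"constructed-key-R1"
    rx = UpdateReceiver({"R1": key})
    m1 = sign_update(key, "R1", 1, {"10.0.0.0/24": "R1"})
    tampered = {"body": m1["body"].replace("10.0.0.0/24", "10.0.1.0/24"), "tag": m1["tag"]}
    return [
        rx.accept(m1),                                              # ("accept", "ok")
        rx.accept(m1),                                              # replay of a valid update
        rx.accept(tampered),                                        # body modified, tag no longer matches
        rx.accept(sign_update(b"attacker", "R1", 2, {})),           # spoofed origin without R1's key
        rx.accept(sign_update(b"attacker", "R9", 1, {})),           # fabricated update from unknown router
        rx.accept(sign_update(key, "R1", 3, {"10.0.2.0/24": "R1"})),  # seq 2 never arrived
        rx.accept(sign_update(key, "R1", 2, {"10.0.3.0/24": "R1"})),  # late seq 2 is now stale
    ]


if __name__ == "__main__":
    for status, reason in demo():
        print(status, reason)
```

Two caveats for a practitioner: the tag gives integrity and origin authentication but no confidentiality, so the fifth manipulation (snooped) is untouched by it and needs encryption of the exchange; and the receiver's `last_seq` must survive restarts, otherwise a peer that reboots accepts old captured updates again.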

  17. Work in Progress – Threat Actions against Control Planes
  • Unauthorized network mapping
  • Promiscuous mode and network topology
  • Instability in the routing protocols
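Instability in the routing protocols is commonly contained at the receiving router by route flap damping: each flap adds a penalty to the prefix, the penalty decays exponentially, and the prefix is withheld from the routing table while the penalty stays above a threshold. The damper below is an added example written for this page and is not code from the slides or from any router vendor; the parameters are assumed values chosen for illustration (1000 per flap, 15 minute half-life, suppress above 2000, reuse below 750, suppression capped at one hour) and the prefix and timestamps are constructed.

```python
# Added example: route flap damping against routing-protocol instability.
# Parameters are assumed illustration values, not any vendor's defaults;
# the prefix and timestamps in simulate() are constructed.


class FlapDamper:
    def __init__(self, flap_penalty=1000.0, half_life=900.0,
                 suppress_limit=2000.0, reuse_limit=750.0, max_suppress=3600.0):
        self.flap_penalty = flap_penalty
        self.half_life = half_life            # seconds for the penalty to halve
        self.suppress_limit = suppress_limit  # start suppressing above this penalty
        self.reuse_limit = reuse_limit        # stop suppressing below this penalty
        self.max_suppress = max_suppress      # never suppress longer than this (seconds)
        self.state = {}   # prefix -> [penalty, time of last update, suppressed_since or None]

    def _decayed(self, prefix, now):
        penalty, t, _ = self.state.get(prefix, (0.0, now, None))
        return penalty * 0.5 ** ((now - t) / self.half_life)

    def is_suppressed(self, prefix, now):
        """Decay the penalty to `now`, release the prefix if it has fallen below the
        reuse limit or hit the suppression cap, and report whether it is suppressed."""
        if prefix not in self.state:
            return False
        penalty = self._decayed(prefix, now)
        since = self.state[prefix][2]
        if since is not None and (penalty < self.reuse_limit or now - since >= self.max_suppress):
            since = None
        self.state[prefix] = [penalty, now, since]
        return since is not None

    def flap(self, prefix, now):
        """Record one withdraw/re-announce cycle; return whether the prefix is now suppressed."""
        self.is_suppressed(prefix, now)   # apply decay and any pending release first
        penalty, _, since = self.state.get(prefix, [0.0, now, None])
        penalty += self.flap_penalty
        if since is None and penalty >= self.suppress_limit:
            since = now
        self.state[prefix] = [penalty, now, since]
        return since is not None


def simulate():
    """Three flaps of 10.0.0.0/24 one minute apart, then two later checks.
    Returns the suppressed flag after each event."""
    d = FlapDamper()
    p = "10.0.0.0/24"
    return [
        d.flap(p, 0.0),            # penalty 1000: not suppressed
        d.flap(p, 60.0),           # about 1955: still under the limit
        d.flap(p, 120.0),          # about 2867: suppressed
        d.is_suppressed(p, 1620.0),   # about 903 after 25 min: still suppressed
        d.is_suppressed(p, 1920.0),   # about 717 after 30 min: released
        d.flap(p, 1920.0),         # about 1717: one more flap does not re-suppress
    ]


if __name__ == "__main__":
    print(simulate())
```

Damping trades reachability for stability: a prefix that flaps because of someone else's unstable link is suppressed at every damping router downstream, so the thresholds and the suppression cap need to be set with that collateral effect in mind.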

  18. Work in Progress – Other Specific Threat Actions
  • Byzantine Failures
  • Discarding of control packets
  • Impersonation and Intrusion Monitoring

  19. In Closing…
  We have presented a model to:
  • Document threats & related consequences
  • Provide a format to help prioritize results
  • Enable a process to:
    • Address top threat actions
    • Make a decision on medium / low threat actions
      • Must be included
      • Acceptable risk (future work)

  20. Next Step
  We need your input to address the following:
  • Structure
  • Content
  • Consolidation
  Thank You!

  21. Contributors
  • Dennis Beard – Nortel Networks
  • Yi Yang – Cisco Systems
  • Paul Knight – Nortel Networks
  • Ameya Pandit – Univ of Missouri
  • S. Ayyasamy – Univ of Missouri
  • Ayman Musharbash – Nortel Networks

  22. Backup Material

  23. Usurpation

  24. Good Security? or Something Else?
  The following are desirable properties of the overall routing infrastructure, but are they security concerns for the routing protocol?
  • Topology Hiding – security, or scalability / manageability, or a business goal for revenue protection?
  • Data Consistency – a router being able to detect and recover from inconsistent data received from other routers. Security or correctness?
  • Routing Information Policies – security or manageability?
  • Incremental Deployment – security or good configuration control?

  25. Another Approach to Identify Routing Protocol Threats
  Identify common subsystems in routing protocols. Example:
  • Transport subsystems
  • Neighbor state maintenance
  • Database maintenance
  • Routing state maintenance
  At the next level of granularity, describe the different categories and subcategories of threat for each subsystem.
