1 / 15

Security Issues in Control, Management and Routing Protocols

Security Issues in Control, Management and Routing Protocols. M.Baltatu, A.Lioy, F.Maino, D.Mazzocchi Computer and Network Security Group Politecnico di Torino (Italy). presented by: Madalina Baltatu. Internet = “Insecurity”. TCP/IP protocols lack for security

lumina
Download Presentation

Security Issues in Control, Management and Routing Protocols

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Security Issues in Control, Management and Routing Protocols M.Baltatu, A.Lioy, F.Maino, D.Mazzocchi Computer and Network Security Group Politecnico di Torino (Italy) presented by: Madalina Baltatu

  2. Internet = “Insecurity” • TCP/IP protocols lack for security • control and routing protocols have minimal or non-existent authentication • TCP/IP flaws used to construct serious attacks at the network infrastructure • ... example: hosts/routers rely on IP source address for authentication • ... which can be easily spoofed

  3. ICMP • Internet Control Message Protocol • ICMP vital because IP is a “best-effort” service • ICMP used by IP nodes: • to report errors encountered while processing IP datagrams • to perform other network layer functions, such as diagnostics and monitoring • ICMP messages are encapsulated inside IP

  4. spoofed ICMP “port unreachable” Denial of Service attacker Internet client server Denial of Service

  5. change routing table spoofed TCP open spoofed ICMP “redirect” response TCP open subverted traffic from T to D attacker subverted Redirect source host T NET1 PG SG NET2 destination host D

  6. spoofed ICMP “echo request” “Smurf” attack intermediary (broadcast) network attacker’s network Internet target host IP broadcast to layer 2 broadcast storm of ICMP “echo replies”

  7. Source address “filtering” intermediary (broadcast) network attacker’s network Internet victim’s network IP source address filtering at one of the ISP router interfaces (RFC 2267)

  8. IP header type code checksum careful checks unused IP header and 64 bits of the original offending datagram Simple defence against ICMP attacks • Does an incoming ICMP error message really refer to a particular active traffic flow ?

  9. AuthenticatedICMP messages • IP source address of ICMP messages should be cryptographically authenticated • IPsec offers authentication services at the network layer; ICMP could use it • ICMP messages should be sent on IPsec SAs • problems: • SA negotiation overhead may be un-acceptable • ICMP traffic may not travel end-to-end • the intermediate systems involved may have prohibitive admission policies • IPsec SA granularity (type & code not supported)

  10. explicit SA for ICMP type 3, code 0 SA used by the offending IP traffic IKE Notify message IPsec protection for ICMP broken link Internet source G1 destination G2

  11. Security for intra-domain routing • routing security critical for the entire networking infrastructure • authentication mechanisms for RIP and OSPF • RIP is based on the distance vector algorithm (routing tables periodically exchanged between neighbour routers) • OSPF implements the shortest path algorithm (link state info is periodically distributed to all the routers of the AS via flooding)

  12. Security threats for routing protocols • outsiderattacks: an intruder masquerading as a router distributing incorrect routing info • insider attacks: mounted by a subverted or compromised router • consequences: • compromised routing tables • DoS on hosts which trust the affected routers

  13. Protection • cryptographic checksums • against tampering with routing information • against generation of fraudulent routing information • sequence numbers and timestamps • against re-ordering and delaying genuine routing information • strong origin authentication • protection against intruders impersonating routers • confidentiality is typically not considered a primary requirement in routing security

  14. Routing security - general considerations • shared key-based cryptography (e.g., RIP-2): • significant amount of shared keys • manual key management can be a significant burden • automated key management not yet integrated with the forthcoming secure routing architecture • public key-based cryptography (e.g., OSPF): • comes at a high price • requests the set up of a PKI

  15. Conclusions • very serious attacks with ICMP and against routing protocols Solutions exists but are not applied! • strict traffic filtering against IP source address spoofing (RFC 2267) • education of the network managers • cryptography: key management protocols not generally adopted; standard PKI not yet agreed upon

More Related