
RPSEC

RPSEC. draft-murphy-threat-00.txt Sandra Murphy NAI Laboratories sandy@tislabs.com. Outline. Scope Routing Functions Threat Sources Threat Actions Threat Consequences. Scope. All routing protocols Intent: advise routing protocol designers about security


Presentation Transcript


  1. RPSEC draft-murphy-threat-00.txt Sandra Murphy NAI Laboratories sandy@tislabs.com

  2. Outline
     • Scope
     • Routing Functions
     • Threat Sources
     • Threat Actions
     • Threat Consequences

  3. Scope
     • All routing protocols
     • Intent: advise routing protocol designers about security
     • get them thinking about vulnerabilities
     • set requirements (MUST, SHOULD, MAY)
     • Intra- and Inter-domain (IGP and EGP)
     • Security of the protocol, not of the operational environment it works in

  4. Routing Functions
     • Transport subsystem
     • the subsystem that carries the data between routers
     • can be attacked - impact on routing protocol
     • can carry attack to the routing protocol
     • Neighbor state
     • determine peer and establish relationship
     • attacks can break relationship - disrupt routing
     • [typo: draft said BGP and CEASE msg]

  5. Routing Functions
     • Database maintenance
     • sometimes a separate step, sometimes an implicit result of the communication of topology info
     • like wireless keeping interesting routes
     • topology computation from database
     • Each function has control and data parts
     • different consequences from each

  6. Threat Sources
     • Outsider - not your peer
     • locally connected non-router host
     • locally connected router
     • distantly connected host(s)
     • distantly connected router
     • Insider
     • a peer
     • a peer’s peer
     • etc.

  7. Threat Source Capabilities
     • Insider
     • can transmit any bogus message to its peers
     • has context to help make believable message
     • “Byzantine” failure
     • Outsider
     • able to subvert unprotected transport
     • read, insert, replay, modify, etc.; -or-
     • insert but not read; -or-
     • so protect transport or protocol control plane

  8. Threat Actions
     • masquerade, interception, falsification, misuse, replay
     • (these are attacks foiled by security services: origin authentication, privacy, integrity, authorized use, and freshness)

  9. Threat Consequences
     • some consequences affect the network as a whole:
       network congestion, blackhole, looping, partition, disclosure, churn, instability, overload

  10. Threat Consequences
     • some consequences affect one host or prefix:
       starvation, eavesdrop, cut, delay, looping

  11. Why Threat Sources
     • you can apply protections to eliminate one or another of the sources
     • administrative, physical, cryptographic, etc.
     • usually by directing protections toward the capabilities

  12. Why Threat Actions
     • some actions can be prevented
     • authorization policies
     • coupled with strong authentication
     • some actions can be detected
     • auditing and logging
     • coupled with strong authentication

  13. Why Threat Consequences
     • different people care about different consequences
     • some protections will protect against some consequences and not against others
     • some proposed security solutions have been directed toward one or another of the consequences

  14. Comparison of Drafts - Sources
     • “insider” vs “compromised devices”
     • “outsider” vs “compromised link, unauthorized devices, masquerading devices”
     • but “beardd” says masquerade = unauthorized = compromised
     • distinction is needed if damage is different or protections are different or different capabilities, otherwise difference is not needed

  15. Comparison of Drafts - Actions
     • pretty much the same (came from same RFC)

  16. Comparison of Drafts - Consequence
     • use term in different ways - “murphy” is talking about the damage the network sees; “beardd” is talking about it in standard security terms

  17. Comparison of Drafts - Zone
     • “beardd” uses zone to depict extent of damage
     • not sure how we predict where damage is spread - relies on connectivity and topology and policy and ...
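
Slides 7, 8 and 12 pair threat actions with the security services that foil them. The following is an added example, not part of the presentation or the draft: a toy receiver that applies origin authentication, integrity and freshness to a routing update and logs what it rejects. The HMAC scheme, the message layout and the names `PEER_KEYS`, `sign_update` and `Receiver` are assumptions made for illustration; privacy and authorized use are not covered.

```python
import hashlib, hmac, json

# Constructed per-peer keys; the slides name no mechanism, HMAC is an assumption.
PEER_KEYS = {"r1": b"constructed-key-r1", "r2": b"constructed-key-r2"}

def sign_update(peer, seq, routes, key):
    """Toy routing update: JSON body plus an HMAC-SHA256 tag over that body."""
    body = json.dumps({"peer": peer, "seq": seq, "routes": routes}, sort_keys=True).encode()
    return {"body": body, "tag": hmac.new(key, body, hashlib.sha256).digest()}

class Receiver:
    def __init__(self, keys):
        self.keys = keys
        self.last_seq = {}  # highest sequence number accepted per peer (freshness)
        self.audit = []     # slide 12: actions that are detected get logged

    def accept(self, msg):
        verdict = self._check(msg)
        if verdict != "accepted":
            self.audit.append(verdict)
        return verdict

    def _check(self, msg):
        try:
            fields = json.loads(msg["body"])
            peer, seq = str(fields["peer"]), int(fields["seq"])
        except (ValueError, KeyError, TypeError):
            return "rejected: malformed"
        key = self.keys.get(peer)
        if key is None:
            return "rejected: unknown peer"
        expected = hmac.new(key, msg["body"], hashlib.sha256).digest()
        # One check serves origin authentication and integrity.
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: masquerade or falsification"
        if seq <= self.last_seq.get(peer, -1):
            return "rejected: replay"
        self.last_seq[peer] = seq
        return "accepted"

def demo():
    rx = Receiver(PEER_KEYS)
    good = sign_update("r1", 1, ["10.0.0.0/8"], PEER_KEYS["r1"])
    forged = sign_update("r1", 2, ["0.0.0.0/0"], b"outsider-guess")  # outsider inserts without the key
    altered = dict(good, body=good["body"].replace(b"10.0.0.0/8", b"10.0.0.0/9"))
    insider = sign_update("r2", 1, ["0.0.0.0/0"], PEER_KEYS["r2"])   # valid peer, bogus content
    return [rx.accept(m) for m in (good, good, forged, altered, insider)]

if __name__ == "__main__":
    print(demo())
```

The last message is accepted: a keyed peer announcing a bogus route passes every check, which is the insider ("Byzantine") case on slide 7 that transport-level protection alone does not address.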
