1 / 33

How Secure are Secure Inter-Domain Routing Protocols?

How Secure are Secure Inter-Domain Routing Protocols?. SIGCOMM 2010 Presenter: kcir. Main Purpose. Think like a normal node : Security analysis of nowadays inter-domain routing protocols Think like a malicious node : Strategy and impact analysis of 1) attraction and 2) interception attacks.

yehudi
Download Presentation

How Secure are Secure Inter-Domain Routing Protocols?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. How Secure are Secure Inter-Domain Routing Protocols? SIGCOMM 2010 Presenter: kcir

  2. Main Purpose • Think like a normal node: Security analysis of nowadays inter-domain routing protocols • Think like a malicious node: Strategy and impact analysis of1) attraction and 2) interception attacks.

  3. Some Preliminaries • AS (Autonomous System)Collection of connected IP prefixes under the control of one or more network operators that presents a common, clearly defined routing policy to the Internet. • BGP (Broadcast Gateway Protocol)Protocol used by ASes to find and announce paths.

  4. I have 140.112.xxx.xxx I know a path towards 140.112.xxx.xxx I know a path towards 140.112.xxx.xxx I know a path towards 140.112.xxx.xxx I know a path towards 140.112.xxx.xxx 140.112.123.45

  5. Outline • Modeling • BGP Protocols • Attraction Attack • Interception Attack • Finding the Optimal Attack • Conclusion

  6. Outline • Modeling- Inter-domain routing- Routing policies- Threat Models • BGP Protocols • Attraction Attack • Interception Attack • Finding the Optimal Attack • Conclusion

  7. Inter-Domain Routing Graph • Dataset: Real world AS topologies measurement • Graph is relative static to protocol execution. Nodes • Routing policy 1: Path ranking • Routing policy 2: Export policy Edges • Customer-Provider link • Peer-to-peer link

  8. Routing Policy • Policies are different from ASes, but there are some global iron rules. • Path Ranking • Loop avoiding • Local preference: customer > peer > provider • Shortest path • Tie break

  9. Routing Policy • Export Policy • AS should only be willing to load his own network with transit traffic if he gets paid to do so. • ASbwill only announce a path via AScto ASa if at least one of a and c are customers of b.

  10. Threat Models • Single manipulator, single victim • Attraction attack • Interception attack(attraction attack without ‘blackhole’ effect) • Quantifying the impact of attackFraction of traffic attracted to the manipulator.

  11. Outline • Modeling • BGP Protocols- BGP- Origin Authentication- soBGP- S-BGP- Defensive filtering • Attraction Attack • Interception Attack • Finding the Optimal Attack • Conclusion

  12. BGP • Broadcast Gateway Protocol • No validating, just naively trusts every information. Attack: Prefix hijack Impact: 75% traffic attracted.

  13. Origin Authentication • Requires a trusted database to guarantee the righteousness of prefix owning. • Blunt hijackers. • Only guarantee the ‘origin,’ i.e. the end node of a path. Attack: false path announcement Impact: 25% traffic attracted.

  14. soBGP • Secure Origin BGP • Requires a trusted database to guarantee that the path physically exists. Attack: announce paths that do not obey the preference (customer > peer > provider.) Impact: 10% traffic attracted.

  15. S-BGP • Secure BGP • Using cryptographic signatures to guarantee that the path is righteously announced. Attack: announce paths that do not obey the business model. (Announce a shorter, expensive provider path, while actually forwarding traffic on the cheaper, longer customer path.) Impact: 1.7% traffic attracted.

  16. Defensive Filtering • This is not a protocol but rather a policy. • Stub AS: AS that does not have any customers. • Defensive filtering = Blocking stub announcements The usefulness of this policy will be shown later.

  17. Outline • Modeling • BGP Protocols • Attraction Attack- Strategy- Performance- Possible effecting factors • Interception Attack • Finding the Optimal Attack • Conclusion

  18. Strategy “Shortest-Path Export-All” • Announce the shortest path that will not be detected as bogus. • Exports the paths to every neighbor.

  19. Performance Fraction of Attraction • DF is crucial (85% ASes are stubs) • BGP: uniform dist. • soBGP & S-BGP: identical. Probability P(Finding shorter path)

  20. Possible Effecting Factors • Path length • Export policy • Shortest-All vs. Normal-All • Normal-All vs. Normal-Normal Export policy dominates path length. Probability S-BGP

  21. Outline • Modeling • BGP Protocols • Attraction Attack • Interception Attack- Avoiding blackholeeffect- Strategy- Performance • Finding the Optimal Attack • Conclusion

  22. Avoiding Blackhole Effect • blackhole

  23. Avoiding Blackhole Effect • Taking the “Shortest-path, Export-all” strategy. • Tier 1 AS: > 250 customers • Tier 2 AS: > 25 customers • The probabilities of blackhole effect on different types of manipulators are different. • The result is supported by [Gao01]

  24. Strategy • “Shortest-Available-path, Export-all”Mimicking soBGP and S-BGP to only announce available paths. • “Hybrid Interception“ • Run “Shortest-path, Export-all” • Check if an available path exists, if yes, announce; if no, continue. • Run “Shortest-Available-path, Export-all”

  25. Performance • Announce All: ignore blackhole effect. • Hybrid Interception: > 10% attracted for more than half chance!

  26. Outline • Modeling • BGP Protocols • Attraction Attack • Interception Attack • Finding the Optimal Attack Strategy- Longer path announcement- Export to fewer neighbors- Exploiting loop detection- Finding the optimal attack is NP-Hard • Conclusion

  27. Finding The Optimal Attack Strategy • So far, the strategies we introduced (for both attraction and interception attack) are still far from optimal but rather heuristic guesses. • For some cases, strategies that are against our intuition may have more severe impact. • Longer path announcement • Fewer exporting • Exploiting the loop detection mechanism

  28. Longer Path Announcement • soBGP, S-BGP running • Short: (m,a1,v,Prefix); Long: (m,a2,a3,v,Prefix) • Customer edge is more preferred than peer • 16% attraction -> 56% Short Long

  29. Export to Fewer Neighbors • soBGP, S-BGP running • All: T1a,T2a,T2,v; Fewer: T1a,T2a,T2,v • Forcing T2 to detour, making it unpopular. • 40% attraction -> 50% Export All Export fewer

  30. Exploiting Loop Detection • BGP running (hijacking) • Normal: (m,Prefix); Loop: (m,a2,Prefix) • Paralyzing a2-a1, making T1a more popular. • 32010 attractions -> 32370 Loop Normal

  31. Finding The Optimal Attack is NP-Hard • [Goldberg10] and [Gao01] • Sketch of proof • The ‘DILEMMA’ pattern

  32. Outline • Modeling • BGP Protocols • Attraction Attack • Interception Attack • Finding the Optimal Attack • Conclusion

  33. Conclusion • Nowadays BGPs are still not capable with dealing Inter-domain traffic attacks.- Hard to detect- Hard to define • This work only provides lower bounds of the impacts of attack, which is already concerning enough. • The complexity of finding the optimal attack strategy is proofed to be NP-hard, which means that the competition between manipulators and defenders may never ends.

More Related