how secure are secure interdomain routing protocols?
DESCRIPTION
How Secure are Secure Interdomain Routing Protocols?. B96209044 大氣四 鍾岳霖 B97703099 財金三 婁瀚升. Outline. Introduction Model and Methodology Fooling BGP Security Protocols Smart Attraction Attack Smart Interception Attack Smart Attack Are Not Optimal Finding Optimal Attack is Hard - PowerPoint PPT PresentationTRANSCRIPT
1
How Secure are Secure Interdomain Routing
Protocols?
B96209044 大氣四 鍾岳霖B97703099 財金三 婁瀚升
2
Outline• Introduction• Model and Methodology• Fooling BGP Security Protocols• Smart Attraction Attack• Smart Interception Attack• Smart Attack Are Not Optimal• Finding Optimal Attack is Hard• Implementation Issues• Conclusion
3
Introduction
• BGP• Quantifying– Worst Case Comparison– Traffic Flow: Routing, Business, AS-path
• Thinking like a Manipulator• Finding and Recommendations
4
Model and Methodology• Modeling Interdomain Routing– AS Graph– Establishing Path– Business Relationship: C > P2P > P
• Modeling Routing Policies– Ranking: LP, SP, TB– Local Preference: GR3 , C > P2P > P – Export Policy: GR2,at least 1 Customer
5
6
Model and Methodology• Threat Model– 1 Manipulator– Normal ASes, Normal Path– Attration and Interception– Fraction Attracted
• Attack Strategy:– Unavailable or Non-existent Path– Available but not Normal– Export Policies
7
• Experiment on Empirical AS Graph– Average Case Analysis– Random Chosen Pairs– Multiple Dataset
Model and Methodology
8
Fooling BGP Security Protocols
• BGP: No validation → False Path
• Origin Authentication: Prefix Owner → Clain to be the closest
• soBGP:OrAuth, Path Existence → Exist, Unavail.
9
Fooling BGP Security Protocols
• S-BGP: Path Verification: abc if bc sent to a → Shorter Path
• Data Plane Verification → Also Forward
• Defensive Filter : No Stub
10
Smart Attraction Attack• Shortest-Path Export All• Underestimation• Defensive Filtering : Crucial• Different Strategy to Different Protocols
11
12
Smart Attraction Attack• SBGP: Hard to find Shorter, Not Opt.• Export Policy Matters More• Different Sized Manipulator : Tier 2• Different Sized Victim : Tier 1 vs Tier2
13
• A stub that creates a blackholeSmart Interception Attack
14
Smart Interception Attack• Stub Make Blackhole : Failure
• Blackhole or Not
15
Smart Interception Attack• 2 Strategies:– Shortest Available Path Export All– Hybrid Interception Attack Strategy
• Evaluation
16
Smart Attack are Not Optimal• Longer Path might be better• Exporting less might be better• Gaming Loop Detection
17
18
Exporting less might be better
19
Gaming Loop Detection
20
But....• Finding Optimal Attack : NP-Hard• Realistic ?• Implementation Issues– OrAuth with RPKI/ROA– Defendive Filtering in Practice– Trust Model
21
Conclusion• secure routing protocols (e.g., soBGP
and S-BGP) should be deployed in combination with mechanisms that police export policies (e.g., defensive filtering)
• defensive filtering to eliminate attacks by stub ASes, and secure routing protocols to blunt attacks launched by larger ASes
22
Q&A