Page 1: How Secure are Secure Interdomain Routing Protocols?

How Secure are Secure Interdomain Routing Protocols?

B96209044, Atmospheric Sciences, 4th year, 鍾岳霖
B97703099, Finance, 3rd year, 婁瀚升


Outline

• Introduction
• Model and Methodology
• Fooling BGP Security Protocols
• Smart Attraction Attack
• Smart Interception Attack
• Smart Attacks Are Not Optimal
• Finding the Optimal Attack is Hard
• Implementation Issues
• Conclusion


Introduction

• BGP
• Quantifying
– Worst Case Comparison
– Traffic Flow: Routing, Business, AS-path
• Thinking like a Manipulator
• Findings and Recommendations


Model and Methodology

• Modeling Interdomain Routing
– AS Graph
– Establishing Path
– Business Relationship: C > P2P > P
• Modeling Routing Policies
– Ranking: LP, SP, TB
– Local Preference: GR3, C > P2P > P
– Export Policy: GR2, at least 1 Customer
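
The policy model on this slide (rank by LP, then SP, then TB; export under GR2), written out as an added example that is not part of the original slides. The tie-break on lowest next-hop AS number, the function names and the AS numbers are assumptions made for the illustration.

```python
# Added illustration of the slide's policy model; AS numbers below are constructed.
CUSTOMER, PEER, PROVIDER = "customer", "peer", "provider"

# LP (GR3): routes learned from a customer beat peer routes, which beat
# provider routes. Lower value sorts first.
LOCAL_PREF = {CUSTOMER: 0, PEER: 1, PROVIDER: 2}


def rank_key(route):
    """Sort key for a route (relationship_of_next_hop, as_path).

    as_path is a tuple of AS numbers, next hop first, origin last.
    Order of comparison: LP, then SP (shortest path), then TB.
    TB here is "lowest next-hop AS number" (assumption for the example).
    """
    relationship, as_path = route
    return (LOCAL_PREF[relationship], len(as_path), as_path[0])


def best_route(routes):
    """Pick the route an AS following the model would install."""
    return min(routes, key=rank_key) if routes else None


def may_export(learned_from, export_to):
    """GR2: pass a route from one neighbor to another only if at least
    one of the two neighbors is a customer."""
    return CUSTOMER in (learned_from, export_to)


def export_targets(route, neighbors):
    """Neighbors (ASN -> relationship) that receive the chosen route."""
    relationship, as_path = route
    return sorted(asn for asn, rel in neighbors.items()
                  if asn != as_path[0] and may_export(relationship, rel))


if __name__ == "__main__":
    neighbors = {10: PROVIDER, 20: PEER, 30: CUSTOMER, 40: CUSTOMER}
    routes = [(PROVIDER, (10, 1)), (PEER, (20, 5, 1)), (CUSTOMER, (30, 7, 8, 1))]
    chosen = best_route(routes)  # the customer route wins despite being longest
    print("installed:", chosen, "announced to:", export_targets(chosen, neighbors))
    fallback = best_route(routes[:2])  # no customer route available
    print("installed:", fallback, "announced to:", export_targets(fallback, neighbors))
```

Because LP is compared before SP, path length only decides among routes of the same relationship class, and a route learned from a peer or provider is never passed on to another peer or provider.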


Model and Methodology

• Threat Model
– 1 Manipulator
– Normal ASes, Normal Path
– Attraction and Interception
– Fraction Attracted
• Attack Strategy:
– Unavailable or Non-existent Path
– Available but not Normal
– Export Policies


Model and Methodology

• Experiment on Empirical AS Graph
– Average Case Analysis
– Randomly Chosen Pairs
– Multiple Datasets


Fooling BGP Security Protocols

• BGP: No validation → False Path

• Origin Authentication: Prefix Owner → Claim to be the closest

• soBGP: OrAuth, Path Existence → Exist, Unavail.


Fooling BGP Security Protocols

• S-BGP: Path Verification: abc if bc sent to a → Shorter Path

• Data Plane Verification → Also Forward

• Defensive Filter : No Stub


Smart Attraction Attack

• Shortest-Path Export All
• Underestimation
• Defensive Filtering: Crucial
• Different Strategy to Different Protocols


Smart Attraction Attack

• SBGP: Hard to find Shorter, Not Opt.
• Export Policy Matters More
• Different Sized Manipulator: Tier 2
• Different Sized Victim: Tier 1 vs Tier 2


Smart Interception Attack

• A stub that creates a blackhole


Smart Interception Attack

• Stub Make Blackhole: Failure
• Blackhole or Not


Smart Interception Attack

• 2 Strategies:
– Shortest Available Path Export All
– Hybrid Interception Attack Strategy
• Evaluation


Smart Attacks Are Not Optimal

• Longer Path might be better
• Exporting less might be better
• Gaming Loop Detection


Exporting less might be better


Gaming Loop Detection


But...

• Finding Optimal Attack: NP-Hard
• Realistic?
• Implementation Issues
– OrAuth with RPKI/ROA
– Defensive Filtering in Practice
– Trust Model


Conclusion

• Secure routing protocols (e.g., soBGP and S-BGP) should be deployed in combination with mechanisms that police export policies (e.g., defensive filtering)

• defensive filtering to eliminate attacks by stub ASes, and secure routing protocols to blunt attacks launched by larger ASes


Q&A

