Presentation is loading. Please wait.

Presentation is loading. Please wait.

How Secure are Secure Interdomain Routing Protocols? B96209044 大氣四 鍾岳霖 B97703099 財金三 婁瀚升 1.

Similar presentations


Presentation on theme: "How Secure are Secure Interdomain Routing Protocols? B96209044 大氣四 鍾岳霖 B97703099 財金三 婁瀚升 1."— Presentation transcript:

1 How Secure are Secure Interdomain Routing Protocols? B 大氣四 鍾岳霖 B 財金三 婁瀚升 1

2 Outline Introduction Model and Methodology Fooling BGP Security Protocols Smart Attraction Attack Smart Interception Attack Smart Attack Are Not Optimal Finding Optimal Attack is Hard Implementation Issues Conclusion 2

3 Introduction BGP Quantifying – Worst Case Comparison – Traffic Flow: Routing, Business, AS-path Thinking like a Manipulator Finding and Recommendations 3

4 Model and Methodology Modeling Interdomain Routing – AS Graph – Establishing Path – Business Relationship: C > P2P > P Modeling Routing Policies – Ranking: LP, SP, TB – Local Preference: GR3, C > P2P > P – Export Policy: GR2,at least 1 Customer 4

5 5

6 Model and Methodology Threat Model – 1 Manipulator – Normal ASes, Normal Path – Attration and Interception – Fraction Attracted Attack Strategy: – Unavailable or Non-existent Path – Available but not Normal – Export Policies 6

7 Experiment on Empirical AS Graph – Average Case Analysis – Random Chosen Pairs – Multiple Dataset 7 Model and Methodology

8 Fooling BGP Security Protocols BGP: No validation → False Path Origin Authentication: Prefix Owner → Clain to be the closest soBGP: OrAuth, Path Existence → Exist, Unavail. 8

9 Fooling BGP Security Protocols S-BGP: Path Verification: abc if bc sent to a → Shorter Path Data Plane Verification → Also Forward Defensive Filter : No Stub 9

10 Smart Attraction Attack Shortest-Path Export All Underestimation Defensive Filtering : Crucial Different Strategy to Different Protocols 10

11 11

12 Smart Attraction Attack SBGP: Hard to find Shorter, Not Opt. Export Policy Matters More Different Sized Manipulator : Tier 2 Different Sized Victim : Tier 1 vs Tier2 12

13 A stub that creates a blackhole 13 Smart Interception Attack

14 Stub Make Blackhole : Failure Blackhole or Not 14

15 Smart Interception Attack 2 Strategies: – Shortest Available Path Export All – Hybrid Interception Attack Strategy Evaluation 15

16 Smart Attack are Not Optimal Longer Path might be better Exporting less might be better Gaming Loop Detection 16

17 17

18 Exporting less might be better 18

19 Gaming Loop Detection 19

20 But.... Finding Optimal Attack : NP-Hard Realistic ? Implementation Issues – OrAuth with RPKI/ROA – Defendive Filtering in Practice – Trust Model 20

21 Conclusion secure routing protocols (e.g., soBGP and S-BGP) should be deployed in combination with mechanisms that police export policies (e.g., defensive filtering) defensive filtering to eliminate attacks by stub ASes, and secure routing protocols to blunt attacks launched by larger ASes 21

22 Q&A 22


Download ppt "How Secure are Secure Interdomain Routing Protocols? B96209044 大氣四 鍾岳霖 B97703099 財金三 婁瀚升 1."

Similar presentations


Ads by Google