1 Towards Secure Interdomain Routing For Dr. Aggarwal 60-592 Win 2004.

Presentation transcript:

1 Towards Secure Interdomain Routing For Dr. Aggarwal Win 2004

2 Content
- Background
- Current protocol
- Security problems
- Solutions
- Conclusion
- Reference

3 Background
- Routing: determine the path that IP packets take to go from their source to their destination
- Interdomain routing: routers (which compute the desired path) are grouped together into Autonomous Systems (management domains); interdomain routing is inter-Autonomous System routing

4 Current Protocol
- Border Gateway Protocol: RFC 1771 & 1772, March 1995
- BGP-4 along with Interior Gateway Protocol (IGP)
- AS announces IP address ranges called prefixes
- Full AS paths enforce routing policies
- Local traffic, transit traffic
- AS types: Stub AS, Multihomed AS, Transit AS

5 Attributes
- Weight
- Local preference
- Multi-exit discriminator
- Origin
- AS_path
- NextHop
- Community

6 Security Problems
- Message may not be correct and authentic
- Path may not be authentic
- AS may not have the authority to advertise a prefix

7 Solutions
- Secure Border Gateway Protocol (S-BGP)
- Internet Route Validation (IRV)
- Secure Origin BGP (soBGP)
- Origin Authentication Services

8 S-BGP
- IP security protocol suite
- Encapsulating Security Payload (ESP)
- New BGP path attribute with attestations
  - route attestations
  - address attestations
- Public Key Infrastructure (PKI)
  - public key certificates

9 IRV
- IRV servers maintain routing data received and advertised
- Validation by out-of-band mechanism and potentially secure protocol

10 soBGP
- EntityCert: ties an AS number to a public key, with attested keys as root keys
- AuthCert (in Prefix PolicyCert): ties an AS to a block of addresses
- ASPolicyCert: verifies that the advertiser does have a path to the destination
- Note: new BGP message (SECURITY)

11 Deployment Option
- Direct Certificate Exchange
  - exchange certificates with their peers
- Exchange by Edge Router
  - edge routers exchange certificates
  - internal servers process information

12 Origin Authentication Services
- Formalization
- Modeling
- Simulation
- Evaluation

13 Formalization
- ASN = {1,2,…,K} is the set of all Autonomous System Numbers, K = 2^16
- O is the set of all organizations which can own prefixes
- S is the set of all BGP speaking organizations
- C is an organization, C ∈ S, and ASN(C) is the set of AS numbers currently assigned to C
- IPA = {0,1}^l is the set of all l-bit IP addresses; l = 32 for IPv4 and l = 64 for IPv6
- x/j is the address prefix (often called prefix)
- If y/k is a prefix of C, address assignments or delegations can be formally expressed as
  a) (C, y/k, n) where n ∈ ASN; C assigns y/k to an AS number n
  b) (C, y/k, C') where C' ∈ O; C delegates y/k to C'
  c) (C, y/k, R); C declares y/k as RESERVED, thus neither advertised nor delegated

14 Delegation Path Valid - ownership source is IANA - path is monotonic - path is acyclic - assignment edge is ASN-respecting ( ASN(C), R or  )
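
The validity conditions of slide 14, applied to the edge notation of slide 13, as an added Python example that is not part of the original slides. The readings of "monotonic" and "acyclic" used here, and the organization names, prefixes and AS numbers, are assumptions constructed for illustration.

```python
import ipaddress

IANA, RESERVED = "IANA", "R"

def check_delegation_path(path, asn_of):
    """Return the list of violated validity conditions (empty list = valid).

    path   -- edges (C, prefix, target); every edge but the last is a
              delegation (C, y/k, C'), the last is an assignment
              (C, y/k, n) or a reservation (C, y/k, R).
    asn_of -- dict mapping an organization C to its set ASN(C).
    """
    if not path:
        return ["empty path"]
    problems = []
    if path[0][0] != IANA:
        problems.append("ownership source is not IANA")
    nets = [ipaddress.ip_network(prefix) for _, prefix, _ in path]
    # Assumed reading of "monotonic": each edge is issued by the previous
    # delegatee and covers a prefix equal to or more specific than the last.
    for i in range(1, len(path)):
        chained = path[i][0] == path[i - 1][2]
        if not (chained and nets[i].subnet_of(nets[i - 1])):
            problems.append("path is not monotonic")
            break
    # Assumed reading of "acyclic": no organization appears twice as delegator.
    orgs = [c for c, _, _ in path]
    if len(set(orgs)) != len(orgs):
        problems.append("path is not acyclic")
    # ASN-respecting: the assigned AS number must belong to ASN(C), or be R.
    owner, _, target = path[-1]
    if target != RESERVED and target not in asn_of.get(owner, set()):
        problems.append("assignment edge is not ASN-respecting")
    return problems

# Constructed sample data (private address space, documentation AS numbers).
ASN_OF = {"OrgA": {64500}, "OrgB": {64501}}
VALID = [(IANA, "10.0.0.0/8", "OrgA"),
         ("OrgA", "10.1.0.0/16", "OrgB"),
         ("OrgB", "10.1.2.0/24", 64501)]
FOREIGN_ASN = VALID[:2] + [("OrgB", "10.1.2.0/24", 64500)]  # AS not in ASN(OrgB)
WIDENED = VALID[:2] + [("OrgB", "10.2.0.0/16", 64501)]      # outside 10.1.0.0/16

if __name__ == "__main__":
    for name, p in [("valid", VALID), ("foreign ASN", FOREIGN_ASN), ("widened", WIDENED)]:
        print(name, "->", check_delegation_path(p, ASN_OF) or "valid")
```
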

15 Modeling
- Origin Authentication Services
  - Delegation path is valid
  - Set of delegation attestations is verified
  - Assignment edge is certified
- Delegation Attestations
  - Simple delegation attestation
  - Authenticated delegation list
  - Authentication Delegation Tree
  - Authentication Delegation Dictionaries

16 Simulation
- Trace-based simulation on a single BGP speaker on April 2, UPDATE messages are recorded over a 24 hour period
- Four models are implemented:
  - simple attestation
  - AS authenticated delegation list
  - Authenticated list
  - Authenticated delegation trees

17 Observation
- Signature validation (ordered from the most costly to the least)
  - simple attestation
  - AS authenticated delegation list
  - Authenticated list
  - Authenticated delegation trees
- On-line and Off-line Origin Authentication
  - Authenticated delegation lists are significantly more expensive
- Caching
  - Tree scheme outperforms the others
- Caching without organization load
  - Authenticated delegation lists outperform AS authenticated delegation list

18 Evaluation
- Discussed Origin Authentication Services models are feasible
- Approximation of the delegation graph is supported by studies of BGP
- Underestimated ownership sources and delegation would not affect the quality of the result

19 Conclusion
- BGP is problematic
- Secure Border Gateway Protocol: studied since 1996, is not complete
- Internet Route Verification: solved only part of the problems
- Secure Origin Border Gateway Protocol: not deployed
- Origin authentication service: resource costs can be significantly reduced

20 Reference
1. W. Aiello, J. Ioannidis, P. McDaniel. Origin Authentication in Interdomain Routing. In Proceedings of the 10th ACM Conference on Computer and Communication Security, pages 165-178, October 2003, Washington, DC, USA
2. K. Seo, C. Lynn, and S. Kent. Public-Key Infrastructure for the Secure Border Gateway Protocol (S-BGP). In Proceedings of DARPA Information Survivability Conference and Exposition II. IEEE, June
3. Y. Rekhter and T. Li. A Border Gateway Protocol 4 (BGP4). Internet Engineering Task Force, March RFC
4. Y. Rekhter and P. Gross. Application of the Border Gateway Protocol in the Internet, March RFC 1772