Threats & lessons learned from today's control/management planes (Panel on routing). Z. Morley Mao, University of Michigan. NSF FIND PI meeting, June 27.

Presentation transcript:

1 Threats & lessons learned from today's control/management planes (Panel on routing) Z. Morley Mao University of Michigan NSF FIND PI meeting, June

2 Is today's Internet routing at risk?
I would stress that all of these things, particularly prefix hijacking and backbone router 'ownage', are real threats, happening today, happening with alarming frequency. Folks need to realize that the underground is abusing this stuff today, and has been for quite some time.
-- Rob Thomas quoted by David Meyer at NANOG28, June 2003.

3 Worldwide Infrastructure Security Report (Arbor Networks)
Bots are becoming a serious threat for infrastructure security
Source: Arbor Networks, Inc. 55 participants responded to surveys.

4 Desired routing security properties
Availability of the communication channel
  – sufficiently good performance
  – reachability to intended destination networks
Data integrity
  – payload is not altered intentionally
Data confidentiality and privacy
  – but deep packet inspection must examine payload
Route integrity
  – advertised route matches the data path
Anything else? (more later)

5 BGP's threat overview
Threat model
  – access to compromised routers to manipulate data and routing logic via password guessing, exploiting OS vulnerabilities, etc.
  – possibly collude across networks
  – motivated by greed and malice
Greed results in insider attacks
Attack types:
  1. data-plane attacks: impact data traffic.
  2. control-plane attacks: alter control behavior.
Just like compromised hosts, there will always be compromised or misconfigured routers!

6 Data-plane attacks due to insecure routing
Resource exhaustion attacks:
  – remote BGP session reset via DoS attacks
Filtering: deny availability
Snooping: compromise confidentiality
Tampering: compromise integrity
Degrading: harm availability
  – e.g., degrading Skype traffic
Deflecting: for further analysis
  – e.g., spoofing of intended destination, etc.
All these can be done selectively to discriminate against certain traffic to evade detection.

7 Control-plane attacks due to insecure routing
Route hijacking or route spoofing to
  – attract traffic or disrupt reachability
Falsified routes to
  – cause denial of service
Resource overload
  – e.g., excessive prefixes by deaggregation
Routing instability (create continuous oscillation)
  – trigger route flap damping
Empirical evidence of various misconfiguration events.
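
An added example, not part of the original slides: a detection-side check for two of the control-plane problems listed above, an unexpected origin AS for a prefix (hijack or spoofed-route candidate) and over-specific announcements (deaggregation). The expected-origin table, the announcements, and the function names are all constructed for illustration and use documentation prefixes and AS numbers.

```python
import ipaddress
from collections import Counter

# Constructed expected-origin table: covering prefix -> (origin AS, longest
# prefix length the owner is expected to announce). Documentation ranges only.
EXPECTED = {
    ipaddress.ip_network("198.51.100.0/24"): (64500, 24),
    ipaddress.ip_network("203.0.113.0/24"): (64501, 25),
}

# Constructed announcements as (prefix, AS path); the origin is the last AS.
ANNOUNCEMENTS = [
    ("198.51.100.0/24", [64510, 64500]),    # expected
    ("198.51.100.0/24", [64510, 64511]),    # same prefix, different origin
    ("198.51.100.128/25", [64510, 64511]),  # more-specific, different origin
    ("203.0.113.0/25", [64510, 64501]),     # allowed more-specific
    ("203.0.113.64/27", [64510, 64501]),    # owner deaggregating too far
    ("203.0.113.96/27", [64510, 64501]),
    ("192.0.2.0/24", [64510, 64502]),       # not in the table
]

def classify(prefix, as_path):
    """Return 'ok', 'origin-mismatch', 'too-specific' or 'unknown'."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    covering = [c for c in EXPECTED
                if c.version == net.version and net.subnet_of(c)]
    if not covering:
        return "unknown"
    # Judge against the most specific covering entry.
    cover = max(covering, key=lambda c: c.prefixlen)
    exp_origin, max_len = EXPECTED[cover]
    if origin != exp_origin:
        return "origin-mismatch"   # hijack or spoofed-route candidate
    if net.prefixlen > max_len:
        return "too-specific"      # deaggregation / table-growth candidate
    return "ok"

def scan(announcements):
    """Classify every announcement and tally the verdicts."""
    verdicts = [(p, path[-1], classify(p, path)) for p, path in announcements]
    return verdicts, Counter(v for _, _, v in verdicts)

if __name__ == "__main__":
    verdicts, summary = scan(ANNOUNCEMENTS)
    for prefix, origin, verdict in verdicts:
        print(f"{prefix:20} AS{origin:<6} {verdict}")
    print(dict(summary))
```

An origin check of this kind does not catch a forged path that still ends in the expected origin AS.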

8 Attackers' motivation for conducting routing-based attacks
Denial of service
  – disrupt network communications of attack targets
  – greed to make another ISP appear bad
Enabler for other data-plane attacks
  – e.g., hijack a prefix for sending spam or DoS traffic, to spoof legitimate services (Web).
  – e.g., reroute traffic to compromise confidentiality
Are routing attacks easy to detect?

9 Limitations of today's routing architecture
Lack of accountability
  – difficult to troubleshoot routing misbehavior
  – no visibility into other networks
Lack of incentives for deploying security mechanisms
  – bogon filters, ingress/egress filters, reverse path forwarding, prioritizing routing traffic.
Lack of resource visibility
  – e.g., knowledge of shared risk link groups
Limited routing choices
  – routing policies vs. routing politics
Lack of clearly defined expected routing behavior
  – e.g., no robustness guarantees
  – mostly reacting to (performance impacting) events instead of proactively preventing/eliminating routing misbehavior.
How about devising mechanisms to punish misbehaving networks?

10 A possible wish-list from network operators
Better security demands better tools to manage networks, tools to prevent, detect, and respond to attacks.
  – cost-effective ways to deploy and manage security capabilities
Network management automation
Ease of creating and deploying new network services safely
  – basic transport is no longer profitable

11 Assumptions of the future Internet (affecting routing design)
Multiple distinct commercial entities
Existence of misbehaving network elements and end-hosts
Increasingly complex protocol interaction
  – rarely take out old services and protocols
Heterogeneity in protocol deployment and implementations

12 What role should routing play in achieving security?
To ensure future Internet is secure, routing itself must be secure.
  – S*BGP vs. incrementally deployable partial solutions
  – prevent source IP spoofing
Routing should effectively support the defense against data-plane attacks.
  – self protection via robust routing configurations: resistant to misconfigs and attacks.
  – collusion and attack resistant routing via light-weight data-plane checks
  – support built-in accountability to detect performance degradation and misbehavior

13 Routing is used to defend against attacks
Destination-based ACLs and destination-based BGP blackhole routing are primary mitigation techniques.
Challenges:
  – inability to verify authenticity of source IPs
  – lack of support for a large number of packet filters
  – complex to divert traffic for scrubbers
  – dest-based filtering finished off the attack!
Source: Worldwide infrastructure security report (Arbor Networks, Inc.) based on survey of 55 network operators of diverse networks.

14 Directions on new routing architectures
Protocols to enable cooperation amongst networks
  – troubleshooting, reliable packet delivery, defend against distributed attacks and security threats
Protocols to expose visibility of network behavior to ISPs and end-users
  – to facilitate accountability, SLA verification, and competition among ISPs
New routing services
  – routing as an enabler for new network-based security services, e.g., new capabilities to defend against botnet activities by selective filtering.

15 Q & A
Questions to consider
  – What role should routing play to mitigate against data-plane attacks?
  – How should data plane filtering be better integrated with control plane filtering (packet filters with route filters)?
  – What is the role of management plane for routing and data-plane?
  – How do we enforce networks to practice good network configurations?

16 Is Internet routing sufficiently robust to failures?
An example circuitous route after Taiwan Earthquake 2006
Composing two paths results in lower latencies, merely overlay routing?

17 Lessons from the past
Routing-based response to mitigate attacks on the data plane often helps finish off the DoS attack!
  – better defense techniques needed
Attacks against the routing infrastructure are a means to achieve more sophisticated attacks on the data plane.
  – joint management needed
Unlike attacks against end-hosts or edge networks, attacks against infrastructure are difficult to detect!
  – better detection schemes needed