Presented by: Tony Reveldez GEOFF HUSTON B.Sc., M.Sc. Australian National University MATTIA ROSSI B.Eng.,M.Sc. Leopold- Franzens- Universitaet GEOFF ARMITAGE.

Slides:

Advertisements

Similar presentations

RPKI Standards Activity Geoff Huston APNIC February 2010.

Advertisements

An Operational Perspective on Routing Security Geoff Huston Chief Scientist, APNIC.

An Operational Perspective on BGP Security Geoff Huston February 2005.

Mobile IPv6. Why study Mobility in IPv6? What is so different about Mobile IPv6 ?

1 Copyright  1999, Cisco Systems, Inc. Module10.ppt10/7/1999 8:27 AM BGP — Border Gateway Protocol Routing Protocol used between AS’s Currently Version.

A Quick and Dirty Guide to BGP attacks Or “How to 0wn the Backbone in your Spare Time”

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.

Information-Centric Networks04c-1 Week 4 / Paper 3 A Survey of BGP Security Issues and Solutions –Kevin Butler, Toni Farley, Patrick McDaniel, and Jennifer.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—1-1 Module Summary BGP has reliable transport provided by TCP, a rich set of metrics called BGP.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 Routing Working at a Small-to-Medium Business or ISP – Chapter 6.

How to Construct a Correct and Scalable iBGP Configuration Mythili Vutukuru Joint work with Paul Valiant, Swastik Kopparty and Hari Balakrishnan.

Securing BGP Geoff Huston November Agenda An Introduction to BGP BGP Security Questions Current Work Research Questions.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

BGP update profiles and the implications for secure BGP update validation processing Geoff Huston Swinburne University of Technology PAM April 2007.

1 Towards Secure Interdomain Routing For Dr. Aggarwal Win 2004.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

Interdomain Routing Security COS 461: Computer Networks Michael Schapira.

Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.

1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.

A View of the AS Hierarchy Provider - customer. A View of the AS Hierarchy No transitivity No SP concatenation Provider - customerData path.

Internet Routing (COS 598A) Today: Routing Protocol Security Jennifer Rexford Tuesdays/Thursdays.

An Operational Perspective on Routing Security Geoff Huston Chief Scientist, APNIC November 2006.

Feb 12, 2008CS573: Network Protocols and Standards1 Border Gateway Protocol (BGP) Network Protocols and Standards Winter

© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—6-1 Connecting an Enterprise Network to an ISP Network Considering the Advantages of Using BGP.

1 Autonomous Systems An autonomous system is a region of the Internet that is administered by a single entity. Examples of autonomous regions are: UVA’s.

UNICAST ROUTING PROTOCOLS Major Functions:  Define the domain of operation (Internal/External to the ISPs), and interaction with other protocols.

R OUTING IN THE INTERNET. A UTONOMOUS SYSTEM ( AS ) Collections of routers that has the same protocol, administative and technical control Intra-AS routing.

Overview of SHIM6 Multihoming Protocol Fuad Bin Naser Std. No A presentation for CSE6806: Wireless & Mobile Communication Networks.

© Janice Regan, CMPT 128, CMPT 371 Data Communications and Networking BGP, Flooding, Multicast routing.

Vulnerabilities and Safeguards in Networks with QoS Support Dr. Sonia Fahmy CS Dept., Purdue University.

SECURING BGP Matthew Nickasch University of Wisconsin-Platteville Dept. of Computer Science & Software Engineering.

CS 3830 Day 29 Introduction 1-1. Announcements r Quiz 4 this Friday r Signup to demo prog4 (all group members must be present) r Written homework on chapter.

BGP Border Gateway Protocol By Amir and David. What Is BGP ? Exterior gateway protocols are designed to route between autonomous systems. AS’s : A set.

Border Gateway Protocol Presented BY Jay Purohit & Rupal Jaiswal GROUP 9.

Lecture 27 Page 1 Advanced Network Security Routing Security Advanced Network Security Peter Reiher August, 2014.

Sign What You Really Care About -- Secure BGP AS Paths Efficiently Yang Xiang, Z. Wang, J. Wu, X. Shi, X. Yin Tsinghua University, Beijing AsiaFI 2011.

Interdomain Routing Security. How Secure are BGP Security Protocols? Some strange assumptions? – Focused on attracting traffic from as many Ases as possible.

A Firewall for Routers: Protecting Against Routing Misbehavior1 June 26, A Firewall for Routers: Protecting Against Routing Misbehavior Jia Wang.

More on Internet Routing A large portion of this lecture material comes from BGP tutorial given by Philip Smith from Cisco (ftp://ftp- eng.cisco.com/pfs/seminars/APRICOT2004.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Delivery and Routing of IP Packets.

Detecting Selective Dropping Attacks in BGP Mooi Chuah Kun Huang November 2006.

D1 - 08/12/2015 Requirements for planned maintenance of BGP sessions draft-dubois-bgp-pm-reqs-02.txt

Information-Centric Networks Section # 4.3: Routing Issues Instructor: George Xylomenos Department: Informatics.

Transport Layer3-1 Network Layer Every man dies. Not every man really lives.

1 Auto-Detecting Hijacked Prefixes? Routing SIG 7 Sep 2005 APNIC20, Hanoi, Vietnam Geoff Huston.

1 Border Gateway Protocol (BGP) and BGP Security Jeff Gribschaw Sai Thwin ECE 4112 Final Project April 28, 2005.

1 INTRA- AND INTERDOMAIN ROUTING Routing inside an autonomous system is referred to as intradomain routing. Routing between autonomous systems is referred.

Text BGP Basics. Document Name CONFIDENTIAL Border Gateway Protocol (BGP) Introduction to BGP BGP Neighbor Establishment Process BGP Message Types BGP.

Border Gateway Protocol BGP-4 BGP environment How BGP works BGP information BGP administration.

Border Gateway Protocol. Intra-AS v.s. Inter-AS Intra-AS Inter-AS.

VO2-MAGAZINE.jpg Michael Jenkins Presents:

@Yuan Xue CS 285 Network Security Placement of Security Function and Security Service Yuan Xue Fall 2013.

19 March 2003Page 1 BGP Vulnerabilities Draft March 19, 2003 Sandra Murphy

Lecture 18 Page 1 CS 236 Online Advanced Research Issues In Security: Securing Key Internet Technologies CS 236 On-Line MS Program Networks and Systems.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 Routing Working at a Small-to-Medium Business or ISP – Chapter 6.

Softwire Security Update Shu Yamamoto Carl Williams Florent Parent Hidetoshi Yokota 67 IETF, San Diego.

Auto-Detecting Hijacked Prefixes?

Auto-Detecting Hijacked Prefixes?

Goals of soBGP Verify the origin of advertisements

Softwire Security Update

BGP supplement Abhigyan Sharma.

An Operational Perspective on Routing Security

BGP Overview BGP concepts and operation.

Geoff Huston APNIC 7th caida/wide measurement workshop Nov

Advanced Research Issues In Security: Securing Key Internet Technologies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Design Expectations vs. Deployment Reality in Protocol Development

Geoff Huston APNIC 7th caida/wide measurement workshop Nov

Presentation transcript:

Presented by: Tony Reveldez GEOFF HUSTON B.Sc., M.Sc. Australian National University MATTIA ROSSI B.Eng.,M.Sc. Leopold- Franzens- Universitaet GEOFF ARMITAGE B.Sc., PhD. Swinburne University of Technology 1

Border Gateway Protocol  What is it?  iBGP vs eBGP  TCP/IP  Distant Vector Routing Path Vector Routing  Route Selection Process  Messages AS Path 2

BGP Threat Model  Securing the BGP Session Injection, eavesdropping, delay messages, replay  Verifying BGP Identity Are you really who you claim to be?  Verifying BGP Information Is your information complete?  Verifying Forwarding Paths Is my information accurate? 3

Consequences of Attacks on the Routing System Denial of Service the potential to masqueradeAddress Stealing The ability to eavesdrop 4

Securing BGP  The Security Toolset  Security Requirements Securing the data payload and semantics Piecemeal incremental deployment  Approaches to Securing BGP sBGP, soBGP, psBGP, pgBGP, IRV 5

Approaches to Securing BGP  Securing the operation of BGP TCP session GTSM TCP MD5 IPSEC  Security in the Data Level 6

Securing the Integrity of BGP Data  sBGP  soBGP psBGP  IRV  pgBGP 7

State of BGP Security As the table shows, of all proposals, only a few have been implemented and mostly not deployed 8