Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Issue We all depend on the Internet

Published byLoreen Johns Modified over 5 years ago

Similar presentations

Presentation on theme: "The Issue We all depend on the Internet"— Presentation transcript:

1 Securing the Internet CS 239 Advanced Topics in Computer Security Peter Reiher November 23, 2010

2 The Issue We all depend on the Internet
Its very fundamentals aren’t well secured What are the problems? What are the solutions?

3 What We Aren’t Talking About
Confidentiality and integrity Use end-to-end encryption Maybe other technologies for privacy Security of end hosts Attacks merely perpetrated across the network Denial of service attacks

4 What’s That Leave? Core services required for the Internet to operate
Routing Name translation QoS security, multicasting, and other services arguably in scope But not widely used

5 Routing Protocol Security Threats
Threats to routing data secrecy Usually not critical Threats to routing protocol integrity Very important, since tampering with routing integrity can be bad Threats to routing protocol availability Potential to disrupt Internet service

6 What Could Really Go Wrong?
Packets could be routed through an attacker Packets could be dropped Routing loops, blackhole routing, etc. Some users’ service could be degraded The Internet’s overall effectiveness could be degraded Slow response to failures Total overload of some links Many types of defenses against other attacks presume correct routing

7 Protecting BGP BGP is probably the most important protocol to protect
Handles basic Internet routing Works at autonomous system (AS) level Rather than router level

8 BGP Issues BGP is spoken (mostly) between routers in autonomous systems On direct network links to their partner Over TCP sessions that are established with known partners Isn’t that enough to give reasonable security?

9 A Recent Counterexample
China recently hijacked about 1/16 of all Internet routes Probably more of the traffic For around 15 minutes Included traffic that should have been purely internal to the US Not clear if it was accidental Not clear if it will happen again

10 How Did This Happen? China injected a BGP update advertising a good path to large chunks of the Internet Which they had no right to do And didn’t actually have It got automatically propagated by BGP The routes weren’t plausible But the routing protocol doesn’t understand plausibility

11 Basic BGP Security Issue
1.2.3.* A 1.2.3.* B,A 1.2.3.* C,B,A 1.2.3.* D,C,B,A A B C D E 1.2.3.* A 1.2.3.* What do we need to protect? F G A wants to tell everyone how to get to *

12 Well, What Could Go Wrong?
1.2.3.* A 1.2.3.* D,F A B C D E What if A doesn’t own *? What if router D alters the path? F G What if router A isn’t authorized to advertise *?

13 How Do We Solve These Problems?
Advertising routers must prove ownership and right to advertise Paths must be signed by routers on them Must avoid cut-and-paste attacks And replay attacks

14 S-BGP A protocol designed to solve most of the routing security issues for BGP Intended to be workable with existing BGP protocol Backward compatible Key idea is to tie updates to those who are allowed to make them And to those who build them

15 An S-BGP Example 1.2.3.* A A B C D E 1.2.3.* A can provide a certificate proving ownership How can B know that A should advertise *? F G

16 What are these signatures actually attesting to?
Securing BGP Updates 1.2.3.* A 1.2.3.* B,A 1.2.3.* C,B,A 1.2.3.* D,C,B,A A B C D E 1.2.3.* What are these signatures actually attesting to? F G A wants to tell everyone how to get to *

17 Address Attestations in S-BGP
These are used to prove ownership of IP prefix spaces IP prefix owner provides attestation that a particular AS can originate its BGP updates That AS includes attestation in updates

18 Route Attestations To prove that path for a prefix should go through an AS The previous AS on the path makes this attestation E.g., B attests that C is the next AS hop

19 S-BGP and Public Key Crypto
Signatures done via PK Requires PK infrastructure Agreed upon by all parties in the Internet No such agreement available, right now

20 Another Approach to Securing BGP Updates
Pretty Good BGP Routers keep track of recent routes to destinations Accept updates that are on the list Maybe don’t accept those that aren’t Doesn’t solve all problems But no crypto or PK infrastructure

21 DNS Security The Domain Name Service (DNS) translates human-readable names to IP addresses Threats to name lookup secrecy Definition of DNS system says this data isn’t secret Threats to DNS information integrity Very important, since everything trusts that this translation is correct Threats to DNS availability Potential to disrupt Internet service

22 The DNS Lookup Process lookup thesiger.cs.ucla.edu answer ping thesiger.cs.ucla.edu If the answer is wrong, in standard DNS the client is screwed Should result in a ping packet being sent to

23 Doing Hierarchical Translation
DNS root server Where’s edu? lookup thesiger.cs.ucla.edu edu root server Where’s ucla.edu? Where’s cs.ucla.edu? Where’s thesiger.cs.ucla.edu? ucla.edu root server cs.ucla.edu root server

24 Where Can This Go Wrong? Someone can spoof the answer from a DNS server Relatively easy, since UDP is used One of the DNS servers can lie Someone can corrupt the database of one of the DNS servers

25 lookup thesiger.cs.ucla.edu
The Spoofing Problem lookup thesiger.cs.ucla.edu answer Unfortunately, most DNS stub resolvers will take the first answer answer

26 lookup thesiger.cs.ucla.edu
DNS Servers Lying answer lookup thesiger.cs.ucla.edu . . . thesiger.cs.ucla.edu That wasn’t very nice of him!

27 DNS Database Corruption
answer lookup thesiger.cs.ucla.edu . . . thesiger.cs.ucla.edu

28 The DNSSEC Solution Sign the translations Who does the signing?
The server doing the response? Or the server that “owns” the namespace in question? DNSSEC uses the latter solution

29 Implications of the DNSSEC Solution
DNS databases must store signatures of resource records There must be a way of checking the signatures The protocol must allow signatures to be returned

30 The DNSSEC Signing Hierarchy
In principle, ICANN signs for itself and for top level domains (TLDs) Like .com, .edu, country codes, etc. Each TLD signs for domains under it Those domains sign for domains below them And so on down

31 An Example Who signs the translation for thesiger.cs.ucla.edu to ? The UCLA CS DNS server How does someone know that’s the right server to sign? Because the UCLA server says so Securely, with signatures The edu server verifies the UCLA server’s signature Ultimately, hierarchical signatures leading up to ICANN’s attestation of who controls the edu namespace Where do you keep that information? In DNS databases

32 Status of DNSSEC Working implementations available
In use in some places Heavily promoted First by DARPA Now by DHS But not really successful That may be changing .gov is signed, as of 2010 ICANN signed root in July 2010

33 Issues For Discussion Are there other Internet-level security problems? What approaches to securing the Internet itself are realistic? Worth worrying about, or learn to live with it?

Download ppt "The Issue We all depend on the Internet"

Similar presentations

Internetworking II: MPLS, Security, and Traffic Engineering

Internetworking II: MPLS, Security, and Traffic Engineering
Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.
Lecture 18 Page 1 CS 236 Online DNS Security The Domain Name Service (DNS) translates human-readable names to IP addresses –E.g., thesiger.cs.ucla.edu.

Lecture 18 Page 1 CS 236 Online DNS Security The Domain Name Service (DNS) translates human-readable names to IP addresses –E.g., thesiger.cs.ucla.edu.
Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.

Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.
Interdomain Routing Security COS 461: Computer Networks Michael Schapira.

Interdomain Routing Security COS 461: Computer Networks Michael Schapira.
Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.

Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.
Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.

Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.
Network security BGP and DNS Worms.

Network security BGP and DNS Worms.
Lecture 29 Page 1 Advanced Network Security Privacy in Networking Advanced Network Security Peter Reiher August, 2014.

Lecture 29 Page 1 Advanced Network Security Privacy in Networking Advanced Network Security Peter Reiher August, 2014.
Issues in Internet Security. Securing the Internet How does the internet hold up security-wise? How does the internet hold up security-wise? Not well:

Issues in Internet Security. Securing the Internet How does the internet hold up security-wise? How does the internet hold up security-wise? Not well:
Chapter 22 Network Layer: Delivery, Forwarding, and Routing

Chapter 22 Network Layer: Delivery, Forwarding, and Routing
Chapter 4 Networking and the Internet Introduction to CS 1 st Semester, 2015 Sanghyun Park.

Chapter 4 Networking and the Internet Introduction to CS 1 st Semester, 2015 Sanghyun Park.
Lecture 8 Page 1 Advanced Network Security Review of Networking Basics: Internet Architecture, Routing, and Naming Advanced Network Security Peter Reiher.

Lecture 8 Page 1 Advanced Network Security Review of Networking Basics: Internet Architecture, Routing, and Naming Advanced Network Security Peter Reiher.
Lecture 27 Page 1 Advanced Network Security Routing Security Advanced Network Security Peter Reiher August, 2014.

Lecture 27 Page 1 Advanced Network Security Routing Security Advanced Network Security Peter Reiher August, 2014.
Lecture 1 Page 1 CS 239, Fall 2010 Distributed Denial of Service Attacks and Defenses CS 239 Advanced Topics in Computer Security Peter Reiher September.

Lecture 1 Page 1 CS 239, Fall 2010 Distributed Denial of Service Attacks and Defenses CS 239 Advanced Topics in Computer Security Peter Reiher September.
Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.

Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.
Interdomain Routing Security. How Secure are BGP Security Protocols? Some strange assumptions? – Focused on attracting traffic from as many Ases as possible.

Interdomain Routing Security. How Secure are BGP Security Protocols? Some strange assumptions? – Focused on attracting traffic from as many Ases as possible.
Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 11 Page 1 CS 136, Fall 2012 Network Security, Continued CS 136 Computer Security Peter Reiher November 6, 2012.

Lecture 11 Page 1 CS 136, Fall 2012 Network Security, Continued CS 136 Computer Security Peter Reiher November 6, 2012.

Similar presentations

Ads by Google