Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Routing Panel FIND PI Meeting (June 27, 2007) Morley Mao, Jen Rexford, Xiaowei Yang.

Published byKaitlyn MacGregor Modified over 10 years ago

Similar presentations

Presentation on theme: "Secure Routing Panel FIND PI Meeting (June 27, 2007) Morley Mao, Jen Rexford, Xiaowei Yang."— Presentation transcript:

1 Secure Routing Panel FIND PI Meeting (June 27, 2007) Morley Mao, Jen Rexford, Xiaowei Yang

2 2 Goal of the Panel Understand and discuss –The threats on the routing system –Lessons learned from todays routing system –Challenges of architecting a secure routing system –A few specific architectural proposals

3 3 Questions What are the threats? –End hosts –Compromised routers –Greedy providers What security properties do we need? –Just availability? –Knowing traffic is reaching the right destination? –Knowing end-to-end path? At what granularity? –Avoiding certain paths, countries, or companies? –Do paths need to be symmetric? Enable multiple levels of security in parallel?

4 4 Questions Where should security functions be placed? –End hosts vs. routers –Data, control, and management planes How do we ensure participation? –Economic incentives for deployment? –Role (if any) for government regulation? –Any need for accountability/liability for problems? –Enable partial deployment scenarios?

5 5 Organization Morley Mao, U. Michigan –Threats, and an operator perspective (15 min) Jen Rexford, Princeton –Multi-path routing and secure monitoring (10 min) Xiaowei Yang, UC Irvine –User-controlled routes (15 min) Discussion, debate, …

6 Helping Edge Networks to Help Themselves Jen Rexford Joint work with Dave Andersen, Ioannis Avramopoulos, and Dan Wendlandt

7 7 Dont Need Secure Routing Protocols Secure routing protocols –Securing info communicated within the protocol Secure routing protocols are too much –Require large-scale (ubiquitous?) deployment –Heavy weight crypto operations –Global public key infrastructure Secure routing protocols are too little –Packets might not follow the path –Adversary can deflect packets or DoS links –Colluding ASes can claim fake links

8 8 Secure End-to-End Communication An architectural proposal –Multi-path routing exposes possible paths –Edge nodes find and securely use working paths End-to-end security (e.g., SSL & IPsec) Confidentiality of Data Integrity of Data Availability of Communication Channel Depends on Routing and Forwarding

9 9 Where do Multiple Paths Come From? Multi-homing –Connecting to multiple neighboring ASes –Connecting to a neighbor at multiple places Deflecting through intermediate nodes –Overlay networks of end hosts –Deflection services offered by other networks Multi-path routing protocols A A B B C D

10 10 How Do Edge Nodes Switch Forwarding Paths? Tagging –Mark tag bits in the data packets –Routers interpret the bits in forwarding Encapsulation –Specifying intermediate deflection point –Routers forward based on deflection address B A C 101 B

11 11 How Do Edge Nodes Decide to Change Paths? End-to-end integrity check –IPsec and SSL –Client authentication and server certificates –Vote among users from many vantage points Secure availability monitoring –End-host applications judge the performance –Edge routers securely sample the performance

12 12 Conclusion Secure routing is not the goal –The control plane is just one part of the system –Jen, the Internet is not a network for delivering BGP update messages. – Randy Bush Secure communication should be the goal –Integrity, confidentiality, and availability Leading to a combination of mechanisms –End-to-end integrity and confidentiality –Multi-path routing and forwarding –Secure availability monitoring

Download ppt "Secure Routing Panel FIND PI Meeting (June 27, 2007) Morley Mao, Jen Rexford, Xiaowei Yang."

Similar presentations

The role of network capabilities Xiaowei Yang UC Irvine NSF FIND PI meeting, June 28 2007.

The role of network capabilities Xiaowei Yang UC Irvine NSF FIND PI meeting, June
1 Threats & lessons learned from todays control/management planes (Panel on routing) Z. Morley Mao University of Michigan NSF FIND PI meeting, June 27.

1 Threats & lessons learned from todays control/management planes (Panel on routing) Z. Morley Mao University of Michigan NSF FIND PI meeting, June 27.
Using Network Virtualization Techniques for Scalable Routing Nick Feamster, Georgia Tech Lixin Gao, UMass Amherst Jennifer Rexford, Princeton University.

Using Network Virtualization Techniques for Scalable Routing Nick Feamster, Georgia Tech Lixin Gao, UMass Amherst Jennifer Rexford, Princeton University.
Security implications of source- controlled routes Xiaowei Yang UC Irvine NSF FIND PI meeting, June 27 2007.

Security implications of source- controlled routes Xiaowei Yang UC Irvine NSF FIND PI meeting, June
Security Issues In Mobile IP

Security Issues In Mobile IP
Path Splicing with Network Slicing

Path Splicing with Network Slicing
Path Splicing with Network Slicing Nick Feamster Murtaza Motiwala Santosh Vempala.

Path Splicing with Network Slicing Nick Feamster Murtaza Motiwala Santosh Vempala.
Data-Plane Accountability with In-Band Path Diagnosis Murtaza Motiwala, Nick Feamster Georgia Tech Andy Bavier Princeton University.

Data-Plane Accountability with In-Band Path Diagnosis Murtaza Motiwala, Nick Feamster Georgia Tech Andy Bavier Princeton University.
Multihoming and Multi-path Routing

Multihoming and Multi-path Routing
Network Support for Sharing. 2 CABO: Concurrent Architectures are Better than One No single set of protocols or functions –Different applications with.

Network Support for Sharing. 2 CABO: Concurrent Architectures are Better than One No single set of protocols or functions –Different applications with.
Holding the Internet Accountable David Andersen, Hari Balakrishnan, Nick Feamster, Teemu Koponen, Daekyeong Moon, Scott Shenker.

Holding the Internet Accountable David Andersen, Hari Balakrishnan, Nick Feamster, Teemu Koponen, Daekyeong Moon, Scott Shenker.
Nick Feamster Research: Network security and operations –Helping network operators run the network better –Helping users help themselves Lab meetings:

Nick Feamster Research: Network security and operations –Helping network operators run the network better –Helping users help themselves Lab meetings:
Path Splicing with Network Slicing Nick Feamster Murtaza Motiwala Santosh Vempala.

Path Splicing with Network Slicing Nick Feamster Murtaza Motiwala Santosh Vempala.
Theory Lunch. 2 Problem Areas Network Virtualization for Experimentation and Architecture –Embedding problems –Economics problems (markets, etc.) Network.

Theory Lunch. 2 Problem Areas Network Virtualization for Experimentation and Architecture –Embedding problems –Economics problems (markets, etc.) Network.
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
All rights reserved © 2000, Alcatel 1 CPE-based VPNs Hans De Neve Alcatel Network Strategy Group.

All rights reserved © 2000, Alcatel 1 CPE-based VPNs Hans De Neve Alcatel Network Strategy Group.
Jennifer Rexford Princeton University MW 11:00am-12:20pm Logically-Centralized Control COS 597E: Software Defined Networking.

Jennifer Rexford Princeton University MW 11:00am-12:20pm Logically-Centralized Control COS 597E: Software Defined Networking.
Multihoming and Multi-path Routing CS 7260 Nick Feamster January 29. 2007.

Multihoming and Multi-path Routing CS 7260 Nick Feamster January
Internetworking II: MPLS, Security, and Traffic Engineering

Internetworking II: MPLS, Security, and Traffic Engineering
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Similar presentations

Ads by Google