Download 25routing

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
Document related concepts
no text concepts found
Transcript 
CS 378
Routing Security
Vitaly Shmatikov
slide 1
Network of Networks
Internet is a network of networks
• Autonomous system (AS) is a collection of IP networks
under control of a single administrator (e.g., ISP)
• ASes connect through Internet Exchange (IX), Network
Access Points (NAP), Metropolitan Area Exchange (MAE)
backbone
local network
local network
Internet service
provider (ISP)
ISP
slide 2
Routing Through the Network
IP address is a 32-bit host identifier (IPv4)
• 128-bit identifier in IPv6
Routing protocols propagate information about
routes to hosts and networks
• Host is identified by IP address, network by IP prefix
Many types of routing protocols
• Distance vector, link-state, path vector
BGP (Border Gateway Protocol) is one of the
core routing protocols on the Internet
• Inter-domain routing between different ASes
slide 3
Distance-Vector Routing
Each node keeps vector with distances to all nodes
Periodically sends distance vector to all neighbors
Neighbors send their distance vectors, too; node
updates its vector based on received information
• Bellman-Ford algorithm: for each destination, router
picks the neighbor advertising the cheapest route, adds
his entry into its own routing table and re-advertises
• Used in RIP (routing information protocol)
Split-horizon update
• Do not advertise a route on an interface from which you
learned the route in the first place!
slide 4
Good News Travels Fast
A: 0
1
A: 1
G1
1
A: 2
G2
1
A: 3
G3
1
A: 4
G4
1
A: 5
G5
 G1 advertises route to network A with distance 1
 G2-G5 quickly learn the good news and install the routes
to A via G1 in their local routing tables
slide 5
Bad News Travels Slowly
Exchange
routing tables
A: 0
A: 1
G1
1
A: 2
G2
1
A: 3
G3
1
A: 4
G4
1
A: 5
G5
 G1’s link to A goes down
 G2 is advertising a pretty good route to G1 (cost=2)
 G1’s packets to A are forever looping between G2 and G1
 G1 is now advertising a route to A with cost=3, so G2
updates its own route to A via G1 to have cost=4, and so on
• G1 and G2 are slowly counting to infinity
• Split-horizon updates only prevent two-node loops
slide 6
Overview of BGP
BGP is a path-vector protocol between ASes
Just like distance-vector, but routing updates
contain an actual path to destination node
• List of traversed ASes and a set of network prefixes
belonging to the first AS on the list
Each BGP router receives UPDATE messages from
neighbors, selects one “best” path for each prefix,
and advertises it to the neighbors
• Can be shortest path, but doesn’t have to be
– “Hot-potato” vs. “cold-potato” routing
• AS doesn’t have to use the path it advertises!
slide 7
BGP Example
1
[D. Wetherall]
27
265
8
2
7265
7
265
7
7
327
3
265
27
4
3265
5
65
27
627
6
5
5
 AS 2 provides transit for AS 7
• Traffic to and from AS 7 travels through AS 2
slide 8
Some BGP Statistics
BGP routing tables contain about 125,000 address
prefixes mapping to about 17-18,000 paths
Approx. 10,000 BGP routers
Approx. 2,000 organizations own AS
Approx. 6,000 organizations own prefixes
Average route length is about 3.7
50% of routes have length less than 4 ASes
95% of routes have length less than 5 ASes
slide 9
BGP Issues
BGP convergence problems
• Protocol allows policy flexibility
• Some legal policies prevent convergence
• Even shortest-path policy converges slowly
Incentive for dishonesty
• ISP pays for some routes, others free
Security problems
• Potential for disruptive attacks
slide 10
Evidence: Asymmetric Routes
Alice
Bob
 Alice, Bob use cheapest routes to each other
 These are not always shortest paths
 Asymmetic routes are prevalent
• AS asymmetry in 30% of measured routes
• Finer-grained asymmetry far more prevalent
slide 11
Side Note: TCP Congestion Control
Source
Destination
If packets are lost, assume congestion
• Reduce transmission rate by half, repeat
• If loss stops, increase rate very slowly
• Design assumes routers blindly obey this policy
slide 12
Protocol Rewards Dishonesty
Source A
Source B
Destination
Destination
Amiable Alice yields to boisterous Bob
• Alice and Bob both experience packet loss
• Alice backs off
• Bob disobeys protocol, gets better results
slide 13
BGP Threats: Misconfiguration
Misconfiguration: AS advertises good routes to
addresses it does not known how to reach
• Result: packets go into a network “black hole”
April 25, 1997: “The day the Internet died”
• AS7007 (Florida Internet Exchange) de-aggregated the
full BGP table and re-advertised all prefixes as if it
originated paths to them
• In effect, AS7007 was advertising that it has the best
route to every host on the Internet
• Huge network instability as incorrect routing data
propagated and routers crashed under traffic
slide 14
BGP Threats: Security
BGP update messages contain no authentication
or integrity protection
Attacker may falsify the advertised routes
• Modify the IP prefixes associated with the route
– Can blackhole traffic to certain IP prefixes
• Change the AS path
– Either attract traffic to attacker’s AS, or divert traffic away
– Interesting economic incentive: an ISP wants to dump its
traffic on other ISPs without routing their traffic in exchange
• Re-advertise/propagate AS path without permission
– For example, multi-homed customer may end up advertising
transit capability between two large ISPs
slide 15
Protecting BGP
Simple authentication of packet sources and
packet integrity is not enough
Before AS advertises a set of IP addresses, the
owner of these addresses must authorize it
• Goal: verify path origin
Each AS along the path must be authorized by the
preceding AS to advertise the prefixes contained
in the UPDATE message
• Goal: verify propagation of the path vector
slide 16
S-BGP Protocol
[Kent, Lynn, Seo]
Address attestation
• Owner of one or more prefixes certifies that the origin
AS is authorized to advertise the prefixes
• Need a public-key infrastructure (PKI)
– X.509 certificates prove prefix ownership; owner can then
delegate his “prefix advertising rights” to his ISP
Route attestation
• Router belonging to an AS certifies (using digital
signatures) that the next AS is authorized to propagate
this route advertisement to its neighbors
• Need a separate public-key infrastructure
– Certificates prove that AS owns a particular router
slide 17
S-BGP Update Message
 An update message from R9
advertising this route must contain:
• Ownership certificate certifying that
some X owns IP address S1
• Signed statement from X that AS1 is
authorized to advertise S1
• Ownership certificate certifying that
AS1 owns router R6
S1
AS1
S2
R6
– If AS is represented by a router
• Signed statement from R6 that AS2 is
authorized to propagate AS1’s routes
• Ownership certificate certifying that
AS2 owns router R9
• Lots of public-key operations!
AS2
S3
R7
R9
S4
S5
R8
R10
R12
slide 18
Wormhole Attack on BGP
Multiple colluding malicious BGP routers exchange
BGP update messages over a tunneled connection
Routers can claim better paths than actually exist
• Path vector is not increased by intermediate ASes when
update message is tunneled through a “wormhole”
Route attestation does not help!
• Malicious routers sign attestations for each other
Host H
update
I have a great
route to H:
AS4 - AS1 - H
AS4
AS3
AS2
AS1
I attest that AS4
is authorized
slide 19
Related documents
Monitoring and Measurement
Monitoring and Measurement
Internet Traffic Engineering
Internet Traffic Engineering
Solutions
Solutions
Fundamentals of Computer Networks ECE 478/578
Fundamentals of Computer Networks ECE 478/578
Document
Document
document
document
The Internet: Co-Evolution of Technology and Society
The Internet: Co-Evolution of Technology and Society
Single External Disruption - EECS
Single External Disruption - EECS
Experimental Study of Internet Stability and Wide
Experimental Study of Internet Stability and Wide
lecture14_1
lecture14_1
Presentation (PowerPoint File)
Presentation (PowerPoint File)
BGP - Pages
BGP - Pages
Networking - dbmanagement.info
Networking - dbmanagement.info
15-744: Computer Networking
15-744: Computer Networking
HW2
HW2
ROB: Route Optimization Assisted by BGP
ROB: Route Optimization Assisted by BGP
Brief Announcement: Network-Destabilizing Attacks
Brief Announcement: Network-Destabilizing Attacks
BGP - Department of Computer Engineering
BGP - Department of Computer Engineering
ppt
ppt
Towards an Accurate AS-level Traceroute Tool
Towards an Accurate AS-level Traceroute Tool
Power of Layering
Power of Layering
A Survey of BGP Security: Issues and Solutions
A Survey of BGP Security: Issues and Solutions