Lecture 3, Page 1
CS 239, Spring 2004

Routing Protocol Security
CS 239 Advanced Topics in Network Security
Peter Reiher
April 12, 2004

The Problem
• Routing protocols control how packets flow through the Internet
• If they aren’t protected, attackers can alter packet flows at their whim
• Most routing protocols were not built with security in mind

Routing Protocol Security Threats
• Threats to routing data secrecy
  – Usually not critical
• Threats to routing protocol integrity
  – Very important, since tampering with routing integrity can be bad
• Threats to routing protocol availability
  – Potential to disrupt Internet service

What Could Really Go Wrong?
• Packets could be routed through an attacker
• Packets could be dropped
  – Routing loops, black hole routing, etc.
• Some users’ service could be degraded
• The Internet’s overall effectiveness could be degraded
  – Slow response to failures
  – Total overload of some links
• Many types of defenses against other attacks presume correct routing

Where Does the Threat Occur?
• At routers, mostly
• Most routers are well-protected
  – But . . .
  – Several recent vulnerabilities have been found in routers
• Also, should we always trust those running routers?

Different Types of Routing Protocols
• Link state
  – Tell everyone the state of your links
• Distance vector
  – Tell nodes how far away things are
• Path vector
  – Tell nodes the complete path between various points
• On demand protocols
  – Figure out routing once you know two nodes need to communicate

Popular Routing Protocols
• BGP
  – Path vector protocol used in core Internet routing
  – Arguably most important protocol to secure
• RIP
  – Distance vector protocol for small networks
• OSPF
• Ad hoc routing protocols

Fundamental Operations To Be Protected
• One router tells another router something about routing
  – A path, a distance, contents of local routing table, etc.
• A router updates its routing information
• A router gathers information to decide on routing

Basic BGP Routing Issue
[Figure: routers A through G and the prefix 1.2.3.*; advertisements shown: "1.2.3.* A", "1.2.3.* A", "1.2.3.* B,A", "1.2.3.* C,B,A", "1.2.3.* D,C,B,A"]
A wants to tell everyone how to get to 1.2.3.*
What do we need to protect?

Well, What Could Go Wrong?
[Figure: routers A through G; advertisements shown: "1.2.3.* A", "1.2.3.* D,F"]
What if A doesn’t own 1.2.3.*?
What if router A isn’t authorized to advertise 1.2.3.*?
What if router D alters the path?

How Do We Solve These Problems?
• Advertising routers must prove ownership and right to advertise
• Paths must be signed by routers on them
• Must avoid cut-and-paste attacks
• S-BGP addresses these issues

An Example
[Figure: routers A through G and the prefix 1.2.3.*; advertisement shown: "1.2.3.* A"]
How can B know that A should advertise 1.2.3.*?
A can provide a certificate proving ownership

How About Verifying Paths?
[Figure: routers A through G; advertisement shown: "1.2.3.* D,C,B,A"]
We need signatures proving path is correct
Who must sign?
What does each entity sign?

Some Questions for Discussion
• Partial deployment?
• Feasibility?
• Necessity?
• What do these measures fail to protect in routing?
• Interoperation between different protocol
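The path-signing idea from the "How Do We Solve These Problems?" and "How About Verifying Paths?" slides, as an added sketch that is not part of the lecture: each router signs the prefix, the path as it sends it, and the neighbor it sends it to, which is the approach S-BGP route attestations take, so an attestation lifted into another path fails to verify. Assumptions: the function names are hypothetical, per-router HMAC keys stand in for public-key signatures, and the `OWNERS` table stands in for the ownership certificate.

```python
import hashlib
import hmac

# Constructed demo data. A real deployment would use per-router key pairs and
# certificates; shared HMAC keys and a lookup table stand in for them here.
KEYS = {r: hashlib.sha256(b"demo-key-" + r.encode()).digest() for r in "ABCDEFG"}
OWNERS = {"1.2.3.*": "A"}   # stand-in for the ownership certificate

def sign(signer, prefix, path, next_hop):
    """Signer attests: 'I send prefix with this path to next_hop'."""
    msg = "|".join([prefix, ",".join(path), next_hop]).encode()
    return hmac.new(KEYS[signer], msg, hashlib.sha256).hexdigest()

def originate(origin, prefix, next_hop):
    """Origin starts an advertisement with a one-hop path."""
    att = (origin, next_hop, sign(origin, prefix, [origin], next_hop))
    return {"prefix": prefix, "path": [origin], "atts": [att]}

def forward(update, router, next_hop):
    """Router prepends itself to the path and attests to the new path."""
    path = [router] + update["path"]
    att = (router, next_hop, sign(router, update["prefix"], path, next_hop))
    return {"prefix": update["prefix"], "path": path,
            "atts": update["atts"] + [att]}

def verify(update, receiver):
    """Accept only if the origin owns the prefix and every hop signed."""
    prefix, atts = update["prefix"], update["atts"]
    hops = update["path"][::-1]             # origin first, e.g. A,B,C,D
    if not hops or OWNERS.get(prefix) != hops[0] or len(atts) != len(hops):
        return False
    for i, (signer, next_hop, sig) in enumerate(atts):
        expected_next = hops[i + 1] if i + 1 < len(hops) else receiver
        if signer != hops[i] or signer not in KEYS or next_hop != expected_next:
            return False                    # attestation reused elsewhere
        path_then = hops[:i + 1][::-1]      # path as this signer sent it
        good = sign(signer, prefix, path_then, next_hop)
        if not hmac.compare_digest(sig, good):
            return False
    return True

if __name__ == "__main__":
    u = originate("A", "1.2.3.*", "B")
    for router, nxt in [("B", "C"), ("C", "D"), ("D", "E")]:
        u = forward(u, router, nxt)
    print(u["path"], verify(u, "E"))        # legitimate D,C,B,A update
```

Because HMAC keys are shared secrets, the verifier here must hold every router's key; with real signatures it would need only the public keys.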



UCLA COMSCI 239 - lecture3
