cryptographic approaches for securing routing protocols
play

Cryptographic Approaches for Securing Routing Protocols Adrian - PDF document

Feb 19, 2024 •25 likes •245 views

Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure Routing? Current routing protocols assume trusted environment! Even misconfigurations severely disrupt Internet routing Secure routing

  1. Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure Routing? � Current routing protocols assume trusted environment! � Even misconfigurations severely disrupt Internet routing � Secure routing goals • Reduce misconfiguration impact • Robust against external malicious nodes (no compromised nodes) • Robust against compromised nodes (Byzantine failures) 1

  2. Routing Protocol Attacks � Current routing protocols are vulnerable • Prevent route establishment • Attracting traffic (e.g., blackhole attack) • Repelling traffic • Gratuitous detours • Cause route instabilities / route flapping • Denial-of-Service (DoS): router overload – Almost all attacks appear as DoS attacks, since routing is a service, however, we only consider router resource consumption as routing DoS attacks Approaches to Secure Routing � Detection/recovery • Use intrusion-detection techniques to detect malicious behavior � Prevention • Use cryptographic techniques to prevent malicious behavior � Robustness • Use robustness techniques to reduce impact of malicious behavior • E.g., use multipath routing to improve probability of packet delivery 2

  3. Outline � Secure ad hoc network routing protocols • SEAD: Secure Efficient Ad-hoc network Distance vector routing protocol – Joint work with Yih-Chun Hu and David Johnson – Defend against shortening hop count � Secure Internet routing protocols • SPV: Secure Path Vector – Joint work with Yih-Chun Hu and Marvin Sirbu – Secure BGP routing protocol Ad Hoc Networks � No infrastructure, or out-of-range base station � Devices self-organize to form a network � Ad hoc network routing protocol extends communication range 3

  4. Ad Hoc Network Applications � Ad hoc networks provide connectivity in various environments • Rooftop networks • Corporate ad hoc networks • Emergency response, disaster relief • Devices protecting critical infrastructures • Networks of cars relaying safety information • Satellite networks in space • Military applications Security Threats to Ad Hoc Networks � Wireless communication allows attacker to • Eavesdrop on all communication • Inject malicious messages into the network � Current ad hoc network routing protocols designed for trusted environments • Highly susceptible to attacks! • Skilled attacker can prevent communication � Sample ad hoc network attacks • Wormhole attack • Rushing attack 4

  5. What is a Wormhole? C C J G A K K S E D B H F Nodes C and K open a tunnel What is a Wormhole? C J G A K S E D B H F C and K act as repeaters for their neighbors 5

  6. Why is that an Attack? � Routing protocol sees wormhole as a link � But attacker could selectively forward only routing packets, but not data � Routing protocol generally chooses route through wormhole because it is the shortest route � Attacker does not need to compromise any nodes or keys! � Result: an attacker can cripple the network when using a routing protocol that does not protect against wormholes Rushing Attack � In a rushing attack, an attacker exploits duplicate suppression in broadcasts to suppress legitimate packets by quickly forwarding its own packets � Methods for rushing • Forwarding R EQUEST without checking signature • Using a longer transmission range • Ignoring delays specified by the MAC layer • “Tunneling” a R EQUEST over another medium 6

  7. Example Rushing Attack � A sends a R OUTE R EQUEST B A D E C Example Rushing Attack � A sends a R OUTE R EQUEST � B forwards the R EQUEST without checking the signature, or otherwise rushes the R EQUEST B A D E C 7

  8. Example Rushing Attack � A sends a R OUTE R EQUEST � B forwards the R EQUEST without checking the signature, or otherwise rushes the R EQUEST � C correctly processes the R EQUEST , and forwards it later as a result B A D E C Example Rushing Attack � A sends a R OUTE R EQUEST � B forwards the R EQUEST without checking the signature, or otherwise rushes the R EQUEST � C correctly processes the R EQUEST , and forwards it later as a result � Since D has already heard a R EQUEST from this discovery, D discards the R EQUEST B A D E C 8

  9. Example Rushing Attack � B rushes the R EQUEST � C forwards it later � Since D has already heard a R EQUEST from this discovery, D discards the R EQUEST � A discovers a path through B because B rushed the R EQUEST B A D E C Basic Distance Vector Routing � Each node maintains a routing table Example table at A : Destination Metric Next Hop A 0 - B 1 B C 2 B • Computed using Distributed Bellman-Ford – Each node periodically broadcasts its routing table A B C – For each routing table entry received, compare best known route with new information 9

  10. DSDV: Using Sequence Numbers to Prevent Routing Loops Adding sequence numbers guarantees loop-freedom: � Each node maintains a sequence number � Node increments its own sequence number each time it sends a routing update about itself � Each update includes sequence number and metric � An advertised route is “better” if either: • It has a greater (more recent) sequence number, or • Sequence numbers are equal, and the metric is lower � Only the most recent sequence number matters Attacks to defend against: Claim lower metric or higher sequence number SEAD Protocol Properties SEAD (Secure Efficient Ad hoc Distance vector): � Uses one-way hash chains to authenticate metric and sequence number � Assumes a limit k-1 on metric (as in other distance vector protocols such as RIP, where k=16) • Metric value infinity can be represented as k 10

  11. SEAD Metric Authenticators � Each node generates a hash chain and distributes the last element (C 12 ) for verification � Each sequence number has 3 hash chain values � Within a sequence number • C{0,3,6,9} represent metric 0 • C{1,4,7,10} represent metric 1 • C{2,5,8,11} represent metric 2 Metric 0 Metric 1 Metric 2 Sequence 3 Sequence 2 C 0 C 1 C 2 C 3 C 4 C 5 C 6 C 7 C 8 C 9 C 10 C 11 C 12 Sequence 1 Sequence 0 SEAD Metric Authenticator Properties � SEAD metric authenticator prevents blackhole attack • Assume all nodes know authentic C 12 • Consider source announces C 9 for metric 0 • Neighbor announces C 10 for metric 1 • Attacker cannot announce lower metric! • Due to flooding, useless to announce lower metric with lower sequence number C 0 C 1 C 2 C 3 C 4 C 5 C 6 C 7 C 8 C 9 C 10 C 11 C 12 11

  12. Remaining Problems � “Same Metric” Fraud attack • Attack: Replay metric and authenticator attacker hears • Solution: Tie forwarding node address to authenticator � Denial-of-Service attack: • Attack: Claim a very high sequence number • Solution: Each sequence number gets own chain � Larger metric spaces: • Verifying even one sequence number may be expensive (e.g., if metric is based on latency or policy) • Solution: Cheaper hash-chain following Hash Tree Chains � Each step in a hash tree chain is a one-time signature Hash Chain: v i v i -1 Hash Tree Chain: ’ b 0 b 0 b 01 ’ b 1 b 1 v i v i -1 ’ b 2 b 2 b 23 ’ b 3 b 3 12

  13. Using Hash Tree Chains � As before, one step in the one-way chain corresponds to a (sequence number, metric) pair Sequence 1, Metric 1 Sequence 1, Metric 2 ’ ’ b 0 b 0 b 0 b 0 b 01 b 01 ’ ’ b 1 b 1 b 1 b 1 v i v i -1 v i -2 ’ ’ b 2 b 2 b 2 b 2 b 23 b 23 ’ ’ b 3 b 3 b 3 b 3 Using Hash Tree Chains � As before, one step in the one-way chain corresponds to a (sequence number, metric) pair � Each b i corresponds to a forwarding node � Attacker must gather correct b i to replay metric ’ ’ ’ b 0 b 0 b 0 b 0 b 0 b 0 b 01 b 01 ’ ’ ’ b 1 b 1 b 1 b 1 b 1 b 1 v i v i -1 v i -2 ’ ’ b 2 b 2 b 2 b 2 b 23 b 23 b 23 b 23 ’ ’ b 3 b 3 b 3 b 3 13

  14. SPV: Secure Path Vector Routing � Joint work with Yih-Chun Hu and Marvin Sirbu � Presented at ACM Sigcomm 2004 � SPV adds security to BGP routing protocol • Use of highly efficient one-way function to provide security • Key insight: authentication of autonomous systems on path not necessary BGP Essentials � BGP is Internet’s interdomain routing protocol • Destinations are prefixes (CIDR blocks) • Route includes list of autonomous systems (AS) � A path vector protocol • Each AS maintains routes to each prefix • It advertises a (potentially different) subset of those routes to each of its peers • Each advertised route includes an ASPATH attribute (a list of ASes the route traverses) 14

  15. Three Important Attacks � Unauthorized AS advertises a prefix • E.g., small ISP advertises Google’s prefix • ASes closer to the small ISP than to Google will send Google’s packets to the ISP � ASPATH truncation • Reduces ASPATH length, causing downstream AS to prefer attacker’s route � ASPATH alteration • Remove undesirable ASNs from the path to cause downstream ASes to prefer attacker’s route S-BGP (Kent et al.) S-BGP checks two things: � Originating AS is authorized to advertise prefix � Each AS receives delegation from previous AS Requires identification of delegating AS Disadvantages: � S-BGP requires the use of computationally expensive digital signatures • Signing is 10,000 times slower than one-way function • Verification is 1,000 times slower � Poor incremental deployment properties 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

KMART BOF Issues with existing Cryptographic Protection Methods for Routing Protocols,

KMART BOF Issues with existing Cryptographic Protection Methods for Routing Protocols,

KMART BOF Issues with existing Cryptographic Protection Methods for Routing Protocols, Requirements and Deployment Considerations David Ward What is this talk about? Introduce drafts in the routing area surrounding crypto auth in IGPs

528 views • 15 slides
Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction to cryptographic protocols communication (various security goals) Bruno Blanchet use cryptographic primitives (e.g. encryption, hash function,

451 views • 14 slides
Complexity of automatic verification of cryptographic protocols Clermont Ferrand 02/02/2017

Complexity of automatic verification of cryptographic protocols Clermont Ferrand 02/02/2017

Complexity of automatic verification of cryptographic protocols Clermont Ferrand 02/02/2017 Vincent Cheval Equipe Pesto, INRIA, Nancy 1 Cryptographic protocols Communication on public network Cryptographic protocols: Concurrent programs

946 views • 69 slides
Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton

Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton

Jobtalk Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton University Based on work with: Based on work with: Boaz Barak, Shai Halevi, Aaron Jaggard, Vijay Ramachandran, Jennifer Rexford, Eran

1.12k views • 42 slides
Analysing privacy-type properties in cryptographic protocols Stphanie Delaune Univ Rennes,

Analysing privacy-type properties in cryptographic protocols Stphanie Delaune Univ Rennes,

Analysing privacy-type properties in cryptographic protocols Stphanie Delaune Univ Rennes, CNRS, IRISA, France Thursday, July 12th, 2018 Cryptographic protocols everywhere ! Cryptographic protocols small programs designed to secure

849 views • 80 slides
4.3 Routing protocols We first look at Routing Tables and routing mechanisms. A routing table has

4.3 Routing protocols We first look at Routing Tables and routing mechanisms. A routing table has

4.3 Routing protocols We first look at Routing Tables and routing mechanisms. A routing table has columns for the destination network (or hosts) with the corresponding cost and the next router address to reach a destination. Additional

1.08k views • 84 slides
Routing In Ad Hoc Networks 1. Introduction to Ad-hoc networks 2. Routing in Ad-hoc networks 3.

Routing In Ad Hoc Networks 1. Introduction to Ad-hoc networks 2. Routing in Ad-hoc networks 3.

Routing In Ad Hoc Networks 1. Introduction to Ad-hoc networks 2. Routing in Ad-hoc networks 3. Proactive routing protocols DSDV 4. Reactive routing protocols DSR, AODV 5. Non-uniform routing protocols ZRP, CEDAR 6. Other

392 views • 22 slides
Verifying Cryptographic Protocols in Applied Pi Calculus Mark Ryan Ben Smyth

Verifying Cryptographic Protocols in Applied Pi Calculus Mark Ryan Ben Smyth

Verifying Cryptographic Protocols in Applied Pi Calculus Mark Ryan Ben Smyth M.D.Ryan@cs.bham.ac.uk research@bensmyth.com Cryptoforma 7th April 2010 Cryptographic protocols A cryptographic protocol is a distributed procedure that employs

698 views • 46 slides
Securing Home Networks Securing Home Networks protocols protocols A SWN04 A SWN04 K.

Securing Home Networks Securing Home Networks protocols protocols A SWN04 A SWN04 K.

Securing Home Networks Securing Home Networks protocols protocols A SWN04 A SWN04 K. MASMOUDI, K. MASMOUDI, H. AFIFI H. AFIFI Boston, 08/2004 6 th PCRD Integrated Project Goal : provide secure communication

450 views • 22 slides
How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

DIMACS Workshop On Secure Routing March 10, 2010 How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing Protocols? $ $ Sharon Goldberg Microsoft Research & Boston University y Michael Schapira

701 views • 54 slides
What is the difference between routing and forwarding? Routing protocols: Implemented

What is the difference between routing and forwarding? Routing protocols: Implemented

Routing What is the difference between routing and forwarding? Routing protocols: Implemented distributed algorithms (scalability) Routers should have mutually consistent view of the network. Can be classified into: Intradomain

510 views • 5 slides
First steps towards cryptographically sound confidentiality analysis of cryptographic protocols

First steps towards cryptographically sound confidentiality analysis of cryptographic protocols

First steps towards cryptographically sound confidentiality analysis of cryptographic protocols Peeter Laud peeter l@ut.ee Tartu Ulikool Cybernetica AS Teooriap aevad Arulas, 3.-5.02.2003 p.1/27 Overview Cryptographic protocols.

570 views • 27 slides
Routing Algebras What are routing algebras? Created to study properties of routing protocols

Routing Algebras What are routing algebras? Created to study properties of routing protocols

Routing Algebras What are routing algebras? Created to study properties of routing protocols Does the routing protocol converge? Does the routing protocol compute optimal paths? Separates the routing data & algorithm Data

326 views • 11 slides
Outline Cryptographic protocols, pt. 1 Key distribution and PKI CSci 5271 Introduction to

Outline Cryptographic protocols, pt. 1 Key distribution and PKI CSci 5271 Introduction to

Outline Cryptographic protocols, pt. 1 Key distribution and PKI CSci 5271 Introduction to Computer Security Announcements intermission Day 17: Crypto protocols and S protocols SSH Stephen McCamant University of Minnesota, Computer

338 views • 7 slides
PixelVault:+Using+GPUs+for+Securing+ Cryptographic+Opera;ons+ ! Giorgos+Vasiliadis+ +

PixelVault:+Using+GPUs+for+Securing+ Cryptographic+Opera;ons+ ! Giorgos+Vasiliadis+ +

PixelVault:+Using+GPUs+for+Securing+ Cryptographic+Opera;ons+ ! Giorgos+Vasiliadis+ + +gvasil@ics.forth.gr+ 1! Mo%va%on! Secret!keys!may!remain!unencrypted!in!CPU! Registers,!RAM,!etc.! Memory!disclosure!a?acks! Heartbleed!

737 views • 34 slides
Routing protocols Goals of this chapter In any network of diameter > 1, the routing &

Routing protocols Goals of this chapter In any network of diameter > 1, the routing &

Ad hoc and Sensor Networks Routing protocols Goals of this chapter In any network of diameter > 1, the routing & forwarding problem appears We will discuss mechanisms for constructing routing tables in ad hoc/sensor networks

751 views • 47 slides
Analysis of Krylov subspace methods: Moments, error estimators, numerical stability and

Analysis of Krylov subspace methods: Moments, error estimators, numerical stability and

Analysis of Krylov subspace methods: Moments, error estimators, numerical stability and unexpected consequences Zden ek Strako Academy of Sciences and Charles University, Prague http://www.cs.cas.cz/strakos A joint work with Dianne P

840 views • 64 slides
Using Routing Policies Using Routing Policies Mark Prior Mark Prior Core Engineering Group

Using Routing Policies Using Routing Policies Mark Prior Mark Prior Core Engineering Group

Using Routing Policies Using Routing Policies Mark Prior Mark Prior Core Engineering Group Core Engineering Group connect.com.au connect.com.au Topics Topics Why define a routing policy? Why define a routing policy? How to

247 views • 12 slides
Comparing the Performance of Abstract Syntax Notation One (ASN.1) vs. eXtensible Markup Language

Comparing the Performance of Abstract Syntax Notation One (ASN.1) vs. eXtensible Markup Language

Comparing the Performance of Abstract Syntax Notation One (ASN.1) vs. eXtensible Markup Language (XML) Presented By: Prof. D.W.Chadwick Other Author: D.Mundy Thanks to: ISSRG Information Systems Security Research Group Contact:

613 views • 20 slides
The Role of the Head in the Interpretation of English Deverbal Compounds Gianina Iordchioaia i ,

The Role of the Head in the Interpretation of English Deverbal Compounds Gianina Iordchioaia i ,

The Role of the Head in the Interpretation of English Deverbal Compounds Gianina Iordchioaia i , Lonneke van der Plas ii , Glorianna Jagfeld i (Universitt Stuttgart i , University of Malta ii ) Wen wurmt der Ohrwurm? An interdisciplinary,

608 views • 37 slides
Eigenspace estimation for source localization using large random matrices Pascal Vallet (1) Joint

Eigenspace estimation for source localization using large random matrices Pascal Vallet (1) Joint

Eigenspace estimation for source localization using large random matrices Pascal Vallet (1) Joint work with Philippe Loubaton (1) and Xavier Mestre (2) (1) LabInfo IGM (CNRS-UMR 8049) / Universit Paris-Est (2) Centre Tecnologic de

812 views • 68 slides
Brief Introduction to the Internet Standard Management Framework Part 2: Structure of Management

Brief Introduction to the Internet Standard Management Framework Part 2: Structure of Management

Brief Introduction to the Internet Standard Management Framework Part 2: Structure of Management Information Version 2 (SMIv2) The SMI is the Data Definition Language, based loosely on an old version of ASN.1 and used to model and

517 views • 17 slides
Prolongable Satisfaction Classes and Iterations of Uniform Reflection over PA Mateusz eyk

Prolongable Satisfaction Classes and Iterations of Uniform Reflection over PA Mateusz eyk

Prolongable Satisfaction Classes and Iterations of Uniform Reflection over PA Mateusz eyk Institute of Philosophy, University of Warsaw Wormshop 2017 , Moscow, October 23, 2017 Very brief introduction This research is about the relations

1.1k views • 87 slides
Netflow, Flow-tools tutorial Gaurab Raj Upadhaya SANOG X Workshop : 29 September -7 August 2007,

Netflow, Flow-tools tutorial Gaurab Raj Upadhaya SANOG X Workshop : 29 September -7 August 2007,

Netflow, Flow-tools tutorial Gaurab Raj Upadhaya SANOG X Workshop : 29 September -7 August 2007, New Delhi Agenda Agenda bashing Do you want to see the labs, or want to discuss issues Netflow What it is and how it works

1.1k views • 91 slides

More recommend