how secure are secure how secure are secure interdomain
play

How Secure are Secure How Secure are Secure Interdomain Routing - PowerPoint PPT Presentation

Jan 12, 2024 •148 likes •701 views

DIMACS Workshop On Secure Routing March 10, 2010 How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing Protocols? $ $ Sharon Goldberg Microsoft Research & Boston University y Michael Schapira

  1. DIMACS Workshop On Secure Routing March 10, 2010 How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing Protocols? $ $ Sharon Goldberg Microsoft Research & Boston University y Michael Schapira Pete Hummon Jennifer Rexford Princeton University Yale & Berkeley Princeton Princeton

  2. Overview Today Internet routing is surprisingly insecure Today Internet routing is surprisingly insecure Today, Internet routing is surprisingly insecure Today, Internet routing is surprisingly insecure Decade of research on secure routing protocols • Our Goal: Compare the effectiveness of these protocols. Our Goal: Compare the effectiveness of these protocols. Each has a different set of security properties Each has a different set of security properties. • • How well do they prevent traffic attraction attacks? • Our approach: Evaluate via simulation on real data. Our approach: Evaluate via simulation on real data. Data: Map of Internet & business relationships Data: Map of Internet & business relationships • • … both [CAIDA] and [UCLA Cyclops] • $ • We use a (standard) model of routing policies We use a (standard) model of routing policies • … based on the Gao-Rexford conditions

  3. BGP: The Internet’s Routing Protocol (1a) BGP The Border Gateway Protocol (BGP) sets up paths The Border Gateway Protocol (BGP) sets up paths from Autonomous Systems (ASes) to destination IP addresses. $ $ Init 7 AG Verizon peer UPC peer Zurich IP Prefix provider 43284 20984 Prefer customer paths customer $ over peer paths over provider paths p p A model of routing policies: A model of routing policies: • Prefer cheaper paths. Then, prefer shorter paths.

  4. BGP: The Internet’s Routing Protocol (1b) BGP The Border Gateway Protocol (BGP) sets up paths The Border Gateway Protocol (BGP) sets up paths from Autonomous Systems (ASes) to destination IP addresses. $ $ $ $ Init 7 AG Verizon UPC Zurich IP Prefix $ $ 43284 $ $ 20984 Prefer customer paths $ over peer paths over provider paths p p A model of routing policies: A model of routing policies: • Prefer cheaper paths. Then, prefer shorter paths.

  5. BGP BGP: The Internet’s Routing Protocol (2) The Border Gateway Protocol (BGP) sets up paths The Border Gateway Protocol (BGP) sets up paths from Autonomous Systems (ASes) to destination IP addresses. UPC, Prefix UPC, Prefix Init 7 AG Verizon UPC Zurich IP Prefix Init 7, UPC, Prefix $ $ 43284 Verizon, UPC, Prefix 20984 43284, Init 7, UPC, Prefix A model of routing decisions: A model of routing decisions: • Prefer cheaper paths. Then, prefer shorter paths.

  6. BGP: The Internet’s Routing Protocol (3) BGP The Border Gateway Protocol (BGP) sets up paths The Border Gateway Protocol (BGP) sets up paths from Autonomous Systems (ASes) to destination IP addresses. Init 7 AG Verizon UPC Zurich IP Prefix $ $ 43284 Losing $$ Losing $$ Losing $$ Losing $$ 20984 20984,Verizon, UPC, Prefix A model of routing decisions: A model of routing decisions: • Prefer cheaper paths. Then, prefer shorter paths. • Only carry traffic if it earns you money.

  7. This talk Part 1: A model of Part 1: A model of Interdomain Interdomain Routing Routing $ Part 2: Secure Routing Protocols and Attacks Part 2: Secure Routing Protocols and Attacks Plain BGP Plain BGP Origin Authentication Origin Authentication Secure BGP Secure BGP Interlude: Finding the Optimal Attack Interlude: Finding the Optimal Attack Defensive Defensive Filtering Defensive Defensive Filtering Filtering Filtering Interlude: Attract more by announcing less Interlude: Attract more by announcing less Part 3: Results and Implications Part 3: Results and Implications

  8. Traffic Attraction Attacks (1) Attacker wants max number of ASes to route thru its network. Attacker wants max number of ASes to route thru its network. (For eavesdropping, dropping, tampering, … ) UPC, Prefix Init 7 AG Verizon UPC Zurich $ $ ? ? IP Prefix $ $ 43284 20984, Prefix 20984 20984 A model of routing decisions: A model of routing decisions: • Prefer cheaper paths. Then, prefer shorter paths. • Only carry traffic if it earns you money.

  9. Traffic Attraction Attacks (2) Attacker wants max number of ASes to route thru its network. Attacker wants max number of ASes to route thru its network. (For eavesdropping, dropping, tampering, … ) UPC, Prefix Init 7 AG Verizon UPC Zurich $ $ ? ? IP Prefix $ $ 43284 20984, Prefix 20984 20984 A model of routing decisions: A model of routing decisions: • Prefer cheaper paths. Then, prefer shorter paths. • Only carry traffic if it earns you money.

  10. Traffic Attraction Attacks (3) Attacker wants max number of ASes to route thru its network. Attacker wants max number of ASes to route thru its network. (For eavesdropping, dropping, tampering, … ) UPC, Prefix UPC, Prefix Init 7 AG Verizon UPC Zurich $ $ ? ? 43284, 20984, IP Prefix Prefix $ $ 43284 20984, Prefix 20984 Prefix 20984, Prefix 20984 20984 A model of routing decisions: A model of routing decisions: • Prefer cheaper paths. Then, prefer shorter paths. • Only carry traffic if it earns you money.

  11. Traffic Attraction Attacks (4) Attacker wants max number of ASes to route thru its network. Attacker wants max number of ASes to route thru its network. (For eavesdropping, dropping, tampering, … ) UPC, Prefix UPC, Prefix Init 7 AG Verizon UPC Zurich ? ? 43284, 20984, IP Prefix Prefix 43284  20984, Prefix 20984 Prefix 20984, Prefix 20984 20984 A model of routing decisions: A model of routing decisions: • Prefer cheaper paths. Then, prefer shorter paths. • Only carry traffic if it earns you money.

  12. Traffic Attraction Attacks (5) Attacker wants max number of ASes to route thru its network. Attacker wants max number of ASes to route thru its network. (For eavesdropping, dropping, tampering, … ) UPC, Prefix UPC, Prefix Init 7 AG Verizon UPC Zurich IP Prefix Simulations Simulations 43284  show he show he attracts 62% attracts 62% attracts 62% attracts 62% 20984 20984 of Internet! of Internet! A model of routing decisions: A model of routing decisions: • Prefer cheaper paths. Then, prefer shorter paths. • Only carry traffic if it earns you money.

  13. Security Mechanism: Origin Origin Authentication Authentication (1) Origin Authentication: A secure database that maps g p IP Prefixes to their owner ASes. UPC, Prefix Init 7 AG Verizon UPC Zurich IP Prefix 43284 20984, UPC, Prefix 20984 20984 Smart Attack Strategy: Smart Attack Strategy: Announce the shortest path Announce the shortest path I can get away with to all my neighbors! I can get away with to all my neighbors!

  14. Security Mechanism: Origin Origin Authentication Authentication (2) Origin Authentication: A secure database that maps g p IP Prefixes to their owner ASes. UPC, Prefix Init 7 AG Verizon UPC Zurich $ $ ? ? IP Prefix $ $ 43284 20984, UPC, Prefix 20984 20984 Smart Attack Strategy: Smart Attack Strategy: Announce the shortest path Announce the shortest path I can get away with to all my neighbors! I can get away with to all my neighbors!

  15. Security Mechanism: Origin Origin Authentication Authentication (3) Origin Authentication: A secure database that maps g p IP Prefixes to their owner ASes. UPC, Prefix Init 7 AG Verizon UPC Zurich $ $ ? ? IP Prefix $ $ 43284 20984, UPC, Prefix 20984 20984 Smart Attack Strategy: Smart Attack Strategy: Announce the shortest path Announce the shortest path I can get away with to all my neighbors! I can get away with to all my neighbors!

  16. Security Mechanism: Origin Origin Authentication Authentication (4) Origin Authentication: A secure database that maps g p IP Prefixes to their owner ASes. UPC, Prefix UPC, Prefix Init 7 AG Verizon UPC Zurich 43284, 20984, IP Prefix UPC, Prefix 43284 20984, UPC, Prefix 20984 UPC Prefix 20984, UPC, Prefix 20984 20984 Smart Attack Strategy: Smart Attack Strategy: Announce the shortest path Announce the shortest path I can get away with to all my neighbors! I can get away with to all my neighbors!

  17. Security Mechanism: Origin Origin Authentication Authentication (5) Origin Authentication: A secure database that maps g p IP Prefixes to their owner ASes. UPC, Prefix UPC, Prefix Init 7 AG Verizon UPC Zurich 43284, 20984, IP Prefix UPC, Prefix 43284 20984, UPC, Prefix 20984 UPC Prefix 20984, UPC, Prefix 20984 20984 Smart Attack Strategy: Smart Attack Strategy: Announce the shortest path Announce the shortest path I can get away with to all my neighbors! I can get away with to all my neighbors!

  18. Security Mechanism: Origin Origin Authentication Authentication (6) Origin Authentication: A secure database that maps g p IP Prefixes to their owner ASes. Init 7 AG Verizon UPC Zurich IP Prefix Simulations Simulations 43284 show he show he attracts 58% attracts 58% attracts 58% attracts 58% 20984 20984 of Internet! of Internet! Smart Attack Strategy: Smart Attack Strategy: Announce the shortest path Announce the shortest path I can get away with to all my neighbors! I can get away with to all my neighbors!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Advanced Tools from Modern Cryptography Lecture 12 MPC: UC-secure OT UC-Secure OT UC-secure

Advanced Tools from Modern Cryptography Lecture 12 MPC: UC-secure OT UC-Secure OT UC-secure

Advanced Tools from Modern Cryptography Lecture 12 MPC: UC-secure OT UC-Secure OT UC-secure OT is impossible (even against PPT adversaries) in the plain model (i.e., without the help of another functionality) But possible from simple

527 views • 16 slides
and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure

and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure

CS 1655 / Spring 2010 Secure Data Management and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure Coding From: Secure Coding: Principles and Practices by Mark G. Graff & Kenneth R. Van Wyk

753 views • 17 slides
Be Be Good! Good! WHA WHAT IS T IS SECURE? SECURE? SECURe is a school-wide program designed

Be Be Good! Good! WHA WHAT IS T IS SECURE? SECURE? SECURe is a school-wide program designed

SECUR E SOCIAL, EMOTIONAL, AND COGNITIVE UNDERSTANDING AND REGULATION Created by Success for All, University of Michigan, and Harvard University Be Be Good! Good! WHA WHAT IS T IS SECURE? SECURE? SECURe is a school-wide program designed

957 views • 59 slides
Secure Coprocessor What is Secure coprocessor: Robust. (A system that is not easily or is

Secure Coprocessor What is Secure coprocessor: Robust. (A system that is not easily or is

Secure Coprocessor What is Secure coprocessor: Robust. (A system that is not easily or is not wholly affected by a bug in one aspect of it. ) General-purpose computational environments. Secure temper responsive physical package.

366 views • 14 slides
Semi-Secure Semi-Secure where a hash is a secure one-way function. A cookie is a bit of state

Semi-Secure Semi-Secure where a hash is a secure one-way function. A cookie is a bit of state

One-Slide Summary Users often authenticate themselves by providing passwords. We store and compare hashes of passwords, Semi-Secure Semi-Secure where a hash is a secure one-way function. A cookie is a bit of state associated with a webpage

103 views • 9 slides
Secure Returns SAFE AS A VAULT Secure SECONDS TO UPLOAD Efficient ACCESSIBLE ANYWHERE

Secure Returns SAFE AS A VAULT Secure SECONDS TO UPLOAD Efficient ACCESSIBLE ANYWHERE

Secure Returns SAFE AS A VAULT Secure SECONDS TO UPLOAD Efficient ACCESSIBLE ANYWHERE Convenient What is Secure Returns ? Secure Returns is a secure website where you and your clients can securely upload & download confidential

202 views • 9 slides
Concurrently Secure Protocols Huijia (Rachel) Lin Rafael Pass MIT & BU Cornell Secure MPC

Concurrently Secure Protocols Huijia (Rachel) Lin Rafael Pass MIT & BU Cornell Secure MPC

Black-Box Constructions of Concurrently Secure Protocols Huijia (Rachel) Lin Rafael Pass MIT & BU Cornell Secure MPC Secure MPC Goal: Allow a set of distrustful parties to compute ANY function f on their own Secure MPC Goal: Allow a set

1.11k views • 98 slides
Who tells you that your secure product is actually secure?

Who tells you that your secure product is actually secure?

Who tells you that your secure product is actually secure? Think about the 6me it stays on the field It went through a security evalua6on

866 views • 28 slides
What is Secure? Engineering Secure Software Last Revised: August 19, 2020 SWEN-331: Engineering

What is Secure? Engineering Secure Software Last Revised: August 19, 2020 SWEN-331: Engineering

What is Secure? Engineering Secure Software Last Revised: August 19, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Recent Security Incidents Garmin Ransomware -- $10 million Sync servers down for many days

506 views • 21 slides
Secure and Efficient Access to Outsourced Data Secure and Efficient Access to Outsourced Data

Secure and Efficient Access to Outsourced Data Secure and Efficient Access to Outsourced Data

Secure and Efficient Access to Outsourced Data Secure and Efficient Access to Outsourced Data Weichao Wang, Zhiwei Li, Rodney Owens, Bharat Bhargava CCSW 2009: The ACM Cloud Computing Security Workshop 1 The Problem Providing secure and

414 views • 19 slides
Secure Client Applications HTTPS Secure Email Networking Sirindhorn International Institute of

Secure Client Applications HTTPS Secure Email Networking Sirindhorn International Institute of

Networking Secure apps Aims Crypto Basics Secure Client Applications HTTPS Secure Email Networking Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 26 June 2014

389 views • 26 slides
SECURE Act Brian Graff SECURE Act Setting Every Community Up for Retirement Security (SECURE)

SECURE Act Brian Graff SECURE Act Setting Every Community Up for Retirement Security (SECURE)

SECURE Act Brian Graff SECURE Act Setting Every Community Up for Retirement Security (SECURE) Act of 2019 (H.R. 1994) Introduced in the House March 29, 2019 Passed House Ways & Means Committee April 2, 2019 Passed House

354 views • 12 slides
Toward a Field Study on the Impact of Hacking Competitions on Secure Development Daniel Votipka ,

Toward a Field Study on the Impact of Hacking Competitions on Secure Development Daniel Votipka ,

Toward a Field Study on the Impact of Hacking Competitions on Secure Development Daniel Votipka , Hongyi Hu, Bryan Eastes, and Michelle L. Mazurek 12 Aug 2018 SECURE DEVELOPMENT 2 SECURE DEVELOPMENT 2 SECURE DEVELOPMENT 2 SECURE

565 views • 39 slides
Secure Drupal Development Steven Van den Hout Steven Van den Hout

Secure Drupal Development Steven Van den Hout Steven Van den Hout

Secure Drupal Development Steven Van den Hout Steven Van den Hout @stevenvdhout http://dgo.to/@svdhout SECURE? 1 IS D DRUPAL AL S IS OPEN SOURCE SECURE? MANY EYES MAKE FOR SECURE CODE - Security by obscurity - Open

641 views • 51 slides
Simple and Communication Complexity Efficient Almost Secure and Perfectly Secure Message

Simple and Communication Complexity Efficient Almost Secure and Perfectly Secure Message

Simple and Communication Complexity Efficient Almost Secure and Perfectly Secure Message Transmission Schemes Yvo Desmedt 1 , 2 Stelios Erotokritou 1 Reihaneh Safavi-Naini 3 1 Department of Computer Science University College London, UK 2

459 views • 33 slides
Secure Communication Secure Communication Lecture 14 Wrap-Up We saw... Symmetric-Key

Secure Communication Secure Communication Lecture 14 Wrap-Up We saw... Symmetric-Key

Secure Communication Secure Communication Lecture 14 Wrap-Up We saw... Symmetric-Key Components SKE, MAC Public-Key Components PKE, Digital Signatures Building blocks: Block-ciphers (AES), Hash-functions (SHA-3), Trapdoor PRG/OWP for PKE

1.07k views • 72 slides
Accurate Numerical Simula.ons of Chemical Phenomena Involved in

Accurate Numerical Simula.ons of Chemical Phenomena Involved in

Accurate Numerical Simula.ons of Chemical Phenomena Involved in Energy Produc.on and Storage Using MADNESS lvaro Vzquez-Mayagoi3a (ALCF), Jeff Hammond

344 views • 19 slides
communication-optimal QR factorizations: performance and scalability on varying architectures

communication-optimal QR factorizations: performance and scalability on varying architectures

communication-optimal QR factorizations: performance and scalability on varying architectures Edward Hutter and Edgar Solomonik Department of Computer Science University of Illinois at Urbana-Champaign Blue Waters Symposium 2019 Edward Hutter

1.04k views • 84 slides
Let the Market Drive Deployment A Strategy for Transitioning to BGP Security Phillipa Gill

Let the Market Drive Deployment A Strategy for Transitioning to BGP Security Phillipa Gill

SIGCOMM 2011 Toronto, ON Aug. 16, 2011 Let the Market Drive Deployment A Strategy for Transitioning to BGP Security Phillipa Gill University of Toronto Michael Schapira Sharon Goldberg Princeton University Boston University Incentives for

491 views • 31 slides
Chapter 7.3: Euripides Life and Career Life and Career wrote something around 90 plays

Chapter 7.3: Euripides Life and Career Life and Career wrote something around 90 plays

Chapter 7.3: Euripides Life and Career Life and Career wrote something around 90 plays i.e. 20+ entries at the Dionysia younger than Sophocles by ca. 10 years and died a few months before him thus, they must have competed

411 views • 21 slides
Introduction Vast transistor budgets, but .... Poor interconnect scaling Pressure to

Introduction Vast transistor budgets, but .... Poor interconnect scaling Pressure to

Introduction Vast transistor budgets, but .... Poor interconnect scaling Pressure to decentralise designs 7 On-Chip Interconnection Networks Need to manage complexity and power Need for flexible/fault tolerant designs

405 views • 16 slides
August 23, 2017 Wednesday 8/23 To start: What do you know about MLA format? Our mission:

August 23, 2017 Wednesday 8/23 To start: What do you know about MLA format? Our mission:

August 23, 2017 Wednesday 8/23 To start: What do you know about MLA format? Our mission: Understand the fictional context for the epic The Odyssey . Correct the MLA format on your first paper. Homework - Read and notes Book One by Thursday.

161 views • 3 slides
Euler, Plato & balloons! Euler : The master of us all! Born in Basel, Switzerland in 1707

Euler, Plato & balloons! Euler : The master of us all! Born in Basel, Switzerland in 1707

Euler, Plato & balloons! Euler : The master of us all! Born in Basel, Switzerland in 1707 to a pastor. Got his Master of Philosophy degree at the ripe young age of 16. Moved to St Petersburg, Russia to become Professor of Physics

968 views • 55 slides
Lecture 1: Artistic Rivalry Dr. Sunnie Evers January 7,2020 Rebirth of antique culture Raphael

Lecture 1: Artistic Rivalry Dr. Sunnie Evers January 7,2020 Rebirth of antique culture Raphael

Lecture 1: Artistic Rivalry Dr. Sunnie Evers January 7,2020 Rebirth of antique culture Raphael in charge of antiquities - working on visual survey of Roman antiquities and map of ancient Rome increased discoveries: Laocoon in 1506, Golden

474 views • 30 slides

More recommend