Link-Cutting Attacks Steven M. Bellovin Emden R. Gansner - - PowerPoint PPT Presentation

Link-Cutting Attacks

Link-Cutting Attacks

Steven M. Bellovin Emden R. Gansner smb@research.att.com erg@research.att.com AT&T Labs Research Florham Park, NJ 07932

Steven M. Bellovin — August 7, 2003

1

Link-Cutting Attacks

Classic Routing Attacks: Z Can Lie

Z−>X: Y(5), B(3) X Y Z Host B Host A 10 5 5 5 10 Y−>X, Y−>Z: B(10) X−>A: Z(5), Y(5), B(8)

Note that X is telling the truth as it knows it.

Steven M. Bellovin — August 7, 2003

2

Link-Cutting Attacks

What Can We Do?

In theory, we can secure routing protocols.

SBGP uses digitally signed paths; there’s also a Secure OSPF design.

• But. . .

Steven M. Bellovin — August 7, 2003

3

Link-Cutting Attacks

A New Attack

Suppose that we’ve deployed secure routing protocols

Suppose the attacker controls some links or nodes, and has a map of the topology.

It’s computationally feasible for the attacker to calculate what links to cut to force traffic past the controlled points.

Steven M. Bellovin — August 7, 2003

4

Link-Cutting Attacks

The Attacker Has Compromised Node X1

A Wa0 D Za0 Wb0 Wb1 Xb1 Zb0 Wa1 Wa2 Wa3 Xb0 Xa0 Xa1 Xa2 Xa3 Yb0 Yb1 Ya0 Ya1 Ya2 Ya3 Zb1 Za1 Za2 Za3 B C

The dotted lines are the cut links.

Steven M. Bellovin — August 7, 2003

5

Link-Cutting Attacks

Results

In hundreds of trials on intra- and inter-ISP topologies, we had a success rate of 80-90%.

Each calculation takes at most a few seconds, even on very large topologies.

Steven M. Bellovin — August 7, 2003

6

Link-Cutting Attacks

http://www.research.att.com/˜smb/papers/reroute.ps http://www.research.att.com/˜smb/papers/reroute.pdf

Steven M. Bellovin — August 7, 2003

7