Or Routing is as Insecure as the Rest of the Flippin Internet, but - - PowerPoint PPT Presentation

or routing is as insecure as the rest of the flippin
SMART_READER_LITE
LIVE PREVIEW

Or Routing is as Insecure as the Rest of the Flippin Internet, but - - PowerPoint PPT Presentation

Mar 21, 2024 325 likes •481 views

This Space Intentionally Left Blank to Hold Space Just in Case Routing Security Appears Or Routing is as Insecure as the Rest of the Flippin Internet, but its Scarier Steven M Bellovin <smb@cs.columbia.edu> Randy Bush

slide-1
SLIDE 1

This Space Intentionally Left Blank to Hold Space Just in Case Routing Security Appears

Or Routing is as Insecure as the Rest of the Flippin’ Internet, but it’s Scarier

Steven M Bellovin <smb@cs.columbia.edu> Randy Bush <randy@psg.com> Rossella Mattioli <rossella.mattioli@enisa.europa.eu>

150302.dagstuhl Creative Commons: Attribution-NonCommercial-ShareAlike 1

slide-2
SLIDE 2

What are the Assets?

  • Traffic Content
  • Meta-Data

150302.dagstuhl Creative Commons: Attribution-NonCommercial-ShareAlike 2

slide-3
SLIDE 3

p5 of ENISA’s Threat Landscape and Good Practice Guide for Internet Infrastructure

Infrastructure Assets

150302.dagstuhl Creative Commons: Attribution-NonCommercial-ShareAlike 3

slide-4
SLIDE 4

What are the Threats?

  • Traffic Content Inspection
  • Traffic Content Modification
  • Traffic Injection
  • Traffic Analysis

150302.dagstuhl Creative Commons: Attribution-NonCommercial-ShareAlike 4

These are all Attacks on the Data Plane by Manipulating the Control Plane

slide-5
SLIDE 5

European Union Agency for Network and Information Security www.enisa.europa.eu

5

ENISA ¡Threat ¡Landscape ¡Report ¡ ¡

http://www.enisa.europa.eu/activities/risk-management/evolving-threat-environment/iitl

slide-6
SLIDE 6

European Union Agency for Network and Information Security www.enisa.europa.eu

6

Current ¡Internet ¡infrastructure ¡threats ¡

Threat ¡groups ¡ Threat ¡types ¡ Trends ¡ Rou;ng ¡Threats ¡ Nefarious ¡Ac-vity/Abuse ¡ Increasing ¡Ý ¡ ¡ Eavesdropping/Intercep-on/Hijacking ¡ Increasing ¡Ý ¡ DNS ¡Threats ¡ Nefarious ¡Ac-vity/Abuse ¡ Decreasing ¡Þ Þ ¡ Denial ¡of ¡Service ¡ Nefarious ¡Ac-vity/Abuse ¡ Increasing ¡Ý ¡ Generic ¡Threats ¡ Physical ¡a@ack ¡ N/A ¡ Damage/Loss ¡ Increasing ¡Ý ¡ Failures/Malfunc-ons ¡ Increasing ¡Ý ¡ Nefarious ¡ac-vity/Abuse ¡ Increasing ¡Ý ¡ Eavesdropping/Intercep-on/Hijacking ¡ Increasing ¡Ý ¡

slide-7
SLIDE 7

Who is Attacking?

  • Financial (traffic content and diversion)
  • Nation State (traffic content and analysis,

diversion, modification)

  • Revenge/Extortion (DDoS)
  • Spammers (address space misappropriation)

150302.dagstuhl Creative Commons: Attribution-NonCommercial-ShareAlike 7

slide-8
SLIDE 8

Circuits (Fiber & Cable Taps) Router Hardware & Software (NSA Implants) Routing Protocol Weakness Gaming Well-Implemented Routing Protocols

Where are They Attacking?

We Focus Here

External Infrastructure (IRR, Whois, RPKI)

150302.dagstuhl Creative Commons: Attribution-NonCommercial-ShareAlike 8

slide-9
SLIDE 9

Internet Routing is Not a Disaster Waiting to Happen It is a Disaster Happening Every Day

150302.dagstuhl Creative Commons: Attribution-NonCommercial-ShareAlike 9

slide-10
SLIDE 10

And This Has Been Going

  • n for Two Decades

Mis-Originations

7007 Incident 128/9 YouTube/Pakistan 61.0.0.0/8 originated by spamming AS4678 for two years d000::/8 originated by spamming AS28716 for two months

Path Attacks

L0pht in 1998 Amazon/BitCoin Capela/Pilosov Mind Your Blocks: On the Stealthiness of Malicious BGP Hijacks – Vervier, Thonnard, & Dacier

150302.dagstuhl Creative Commons: Attribution-NonCommercial-ShareAlike 10

slide-11
SLIDE 11

Constraints on Cure

  • Compatible
  • Low Cost to Deploy
  • Does not Increase Operator Risk
  • Does not Increase Competitive Exposure
  • Vendors Need to See Demand & Profit
  • Operators Need to See Demand & Profit
  • Users Need to See Benefit

150302.dagstuhl Creative Commons: Attribution-NonCommercial-ShareAlike 11

slide-12
SLIDE 12

Lessons of IPv6

  • Product of Committee Compromise
  • Not Backward Compatible
  • Producing 300 Transition Mechanisms
  • Not Backward Compatible
  • Second System Syndrome (featuritis)
  • Not Backward Compatible
  • High Migration Cost to Vendors & Operators
  • Not Backward Compatible
  • Finger-Pointing (vendors, operators, …)

150302.dagstuhl Creative Commons: Attribution-NonCommercial-ShareAlike 12

slide-13
SLIDE 13

Why RPKI-Based Origin Validation Happened

  • Runs on Existing Hardware
  • Very Low Cost for Operators to Deploy
  • Deployable Without Coordination
  • Designed by a Small Cabal of Security,

Crypto, Routing, Ops, Vendors

  • Vendors Did Us a Favor and Implemented

150302.dagstuhl Creative Commons: Attribution-NonCommercial-ShareAlike 13

slide-14
SLIDE 14

ARIN 388 RIPE >2,700 LACNIC >450 New Reg UI

150302.dagstuhl Creative Commons: Attribution-NonCommercial-ShareAlike 14