robert lychev sharon goldberg michael schapira
play

Robert Lychev Sharon Goldberg Michael Schapira Georgia Tech - PowerPoint PPT Presentation

Feb 04, 2024 •212 likes •716 views

Robert Lychev Sharon Goldberg Michael Schapira Georgia Tech Boston University Hebrew University Boston University 1 q Many widely used communication protocols on the Internet were not originally

  1. Robert Lychev Sharon Goldberg Michael Schapira Georgia ¡Tech ¡ Boston ¡University ¡ Hebrew ¡University ¡ Boston ¡University ¡ 1 ¡

  2. q Many widely used communication protocols on the Internet were not originally designed with security considerations in mind q When working on designing and deploying new secure protocols we are faced with the following question: o How can we provide sufficient protection against attackers, while minimizing our resources and without introducing new complications? q This is especially crucial, when the new secure protocols have to be partially deployed together with legacy insecure protocols 2 ¡

  3. What does (partially-deployed) BGPSEC offer over RPKI? Security Benefits or Juice q road to BGPSEC full-deployment is very tricky because introducing security only partially introduces new vulnerabilities (Or, is the juice worth the squeeze?) q not fully deployed BGPSEC provides only meager benefits over RPKI if network operators do not prioritize security in their routing policies • In standardization • In deployment • Crypto done online • Crypto done offline BGP and BGPSEC x i e f r p , n g r x O i e f 8 , r 2 p 8 , 2 n g coexistence r O x f i 8 , e 2 r 8 p 2 , , n 3 g 2 r 3 O 4 , 8 S 2 8 2 3 , 2 3 4 P , S S S RPKI BGP BGPSEC ( origin authentication ) 3 ¡

  4. 1. Background: BGP, RPKI, BGPSEC 1. routing policies when BGPSEC is only partially deployed 2. 2. BGPSEC in partial deployment is tricky 3. Is the juice worth the squeeze? 4. Summary 4 ¡

  5. 4323, 2828, Orgn prefix ¡ ¡ Sprint,4323,2828,Orgn Sprint ¡ prefix ¡ 4323 ¡ 2828, Orgn prefix ¡ 2828 ¡ A ¡ Orgn prefix ¡ Origin ¡ prefix ¡ 5 ¡ 5 ¡

  6. 4323, 2828, Orgn prefix ¡ ¡ Sprint ¡ 4323 ¡ ? A prefix ¡ Which route to choose? 2828 ¡ Use routing policies: e.g. prefer shorter routes. A ¡ A ¡ Origin ¡ prefix ¡ prefix ¡ 6 ¡ 6 ¡

  7. 4323, 2828, Orgn prefix ¡ ¡ RPKI invalid! Sprint ¡ 4323 ¡ A prefix ¡ Sprint checks that 2828 ¡ A is not authorized for this prefix A ¡ Origin ¡ prefix ¡ prefix ¡ RPKI Binds prefixes to ASes authorized to originate them. 7 ¡ 7 ¡

  8. 4323, 2828, Orgn prefix ¡ ¡ RPKI invalid! Sprint ¡ 4323 ¡ ? A, Orgn A prefix ¡ ¡ prefix ¡ Which route to choose? 2828 ¡ Use routing policies: e.g. prefer shorter routes. A ¡ Origin ¡ prefix ¡ RPKI Binds prefixes to ASes authorized to originate them. 8 ¡ 8 ¡

  9. 2828, Orgn, prefix 4323,2828, Orgn, prefix SP, 4323,2828,Orgn, prefix S S S Sprint ¡ BGPSEC invalid! P/S 4323 ¡ ? ¡ ¡ A,Orgn,prefix P/S SP,A,Orgn,prefix S Sprint can verify that the Origin never sent 2828 ¡ A, Orgn, prefix P/S S A ¡ P/S 2828, Orgn, prefix S Origin ¡ prefix ¡ P/S RPKI 9 ¡ 9 ¡

  10. Security Benefits or Juice suppose RPKI is fully deployed and focus on 1-hop hijack prevent route manipulations prevent prefix hijacks What happens when BGP x f i e p r n , g and BGPSEC coexist? O r x f i , e 8 p r 2 8 n , 2 g O r x , f i 8 e 2 p r 8 2 n , 3 , g 2 3 O r 4 , 8 S 2 8 2 , 3 2 3 4 , P S S S RPKI BGP BGPSEC ( origin authentication ) 10 ¡

  11. 2828, Orgn, prefix 4323, 2828, Orgn, prefix SP, 4323, 2828, Orgn, prefix S S ? In BGPSEC Should Sprint choose insecure ASes the long secure route OR Sprint ¡ S use legacy BGP, the short insecure one? P/S and secure ASes 4323 ¡ must accept P/S A, Orgn legacy insecure prefix ¡ routes! 2828 ¡ P/S A ¡ A ¡ P/S Siemens ¡ P/S Origin ¡ prefix ¡ P/S RPKI It depends on how Sprint prioritizes security in its routing decision! 11 ¡ 11 ¡

  12. 1. local preference (often based on business relationships with neighbors) 2. prefer short routes … 3. break ties in a consistent manner 12 ¡

  13. Local Pref, Route Length Security 1 st Security 1. local preference (often based on business relationships with neighbors) Security 2 nd Security Local Pref, 2. prefer short routes Route Length Security 3 rd 3. break ties in a consistent manner ² NANOG ¡survey ¡of ¡100 ¡network ¡operators ¡shows ¡that ¡10%, ¡20%, ¡ and ¡41% ¡would ¡place ¡security ¡1 st , ¡2 nd , ¡and ¡3 rd ¡respecMvely ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ ¡ [Gill, ¡Schapira, ¡Goldberg’12] ¡ ¡ 13 ¡

  14. Security 1 st 1. local preference (prefer customer routes over peer over provider routes) Security 2 nd 2. prefer short routes Security 3 rd 3. break ties in a consistent manner ² To ¡study ¡rouMng ¡outcomes, ¡we ¡use ¡a ¡concrete ¡model ¡of ¡local ¡ preference. ¡ [Gao-­‑Rexford’00, ¡Huston’99, ¡etc.] ¡ ² Our ¡results ¡are ¡robust ¡with ¡respect ¡to ¡various ¡local ¡pref ¡models ¡ 14 ¡

  15. 1. Background: BGP, RPKI, BGPSEC, routing policies 2. BGPSEC in partial deployment is tricky Protocol downgrade attacks 1. Collateral damages 2. Routing anomalies (Routing instabilities and BGP Wedgies) 3. 3. Is the Juice worth the squeeze? 4. Summary 15 ¡

  16. 2828, Orgn, prefix 4323,2828, Orgn, prefix SP, 4323, 2828, Orgn, prefix S S Security 3 rd : ? Route length trumps S Sprint ¡ route security! P/S 4323 ¡ P/S A, Orgn prefix ¡ 2828 ¡ P/S A ¡ Origin ¡ prefix ¡ P/S Protocol downgrade attack: Before the attack, Sprint has a legitimate secure route. During the attack, Sprint downgrades to an insecure bogus route . 16 ¡ 16 ¡

  17. No ¡protocol ¡ No ¡collateral ¡ No ¡rouNng ¡ We ¡prove… ¡ downgrades? ¡ damages? ¡ anomalies? ¡ J ¡ J Security ¡1st ¡ L ¡ L Security ¡2nd ¡ L ¡ L Security ¡3rd ¡ ? Sprint Protocol downgrade attack: P/S 4323 A, Orgn P/S A secure AS with a secure route before prefix the attack, downgrades to an insecure 2828 ¡ P/S A bogus route during the attack. P/S Siemens Origin prefix ¡ P/S 17 ¡

  18. 20960 3257 52142 12389 3356 5617 174 P/S 3491 P/S 10310 P/S M ¡ 7922 P/S 40426 prefix ¡ P/S

  19. Before X deploys BGPSEC W ? X offers the Y Secure ASes: 5 shorter route Happy ASes: 8 Z X V P/S ? Shorter route! P/S P/S M ¡ P/S Orgn prefix ¡ P/S

  20. After X deploys BGPSEC W ? Y experiences W offers the Y collateral damage shorter route! because X is secure! Z X V P/S P/S ? Security 2 nd : Secure ASes: 6 P/S Security trumps Happy ASes: 7 route length! P/S M ¡ P/S Orgn prefix ¡ P/S

  21. No ¡protocol ¡ No ¡collateral ¡ No ¡rouNng ¡ We ¡prove… ¡ downgrades? ¡ damages? ¡ anomalies? ¡ J ¡ L ¡ J L Security ¡1st ¡ L ¡ L ¡ L L Security ¡2nd ¡ L ¡ J ¡ L J Security ¡3rd ¡ 20960 3257 Collateral damage (during the attack): ? 52142 12389 More secure ASes leads to more insecure 3356 5617 5617 174 P/S P/S ASes choosing bogus routes ? 3491 P/S 10310 P/S prefix A 7922 P/S 40426 21 ¡ P/S

  22. q Routing policies can also interact in ways that can cause BGP Wedgies [Griffin and Huston, rfc-4264, 2005] o can result in unpredictable and undesirable routing configurations 22 ¡

  23. 31027 ¡ for 29518 , local pref P/S is more important 29518 ¡ than security intended P/S routing configuration for 31283 security 31283 ¡ is more important 3 ¡ P/S than local pref P/S 8928 ¡ Origin ¡ prefix ¡ P/S 23 ¡

  24. 31027 ¡ for 29518 , local pref P/S is more important 29518 ¡ than security un intended P/S routing configuration for 31283 security 31283 ¡ is more important 3 ¡ P/S than local pref P/S 8928 ¡ Origin ¡ prefix ¡ P/S 24 ¡

  25. No ¡protocol ¡ No ¡collateral ¡ No ¡rouNng ¡ We ¡prove… ¡ downgrades? ¡ damages? ¡ anomalies? ¡ J ¡ L ¡ J ¡ J L J Security ¡1st ¡ L ¡ L ¡ J ¡ L L J Security ¡2nd ¡ L ¡ J ¡ J ¡ L J J Security ¡3rd ¡ Routing anomalies such as BGPSEC Wedgies and persistent routing oscillations and can be avoided as long as all ASes prioritize security the same way. Otherwise, these routing anomalies could happen. 25 ¡

  26. 1. Background: BGP, RPKI, BGPSEC, routing policies 2. BGPSEC in partial deployment is tricky 3. Is the Juice worth the Squeeze? How can we quantify BGPSEC benefits? 1. Can we bound BGPSEC benefits without knowing who may deploy it? 2. What are BGPSEC benefits beyond what RPKI can provide? 3. 4. Summary 26 ¡

  27. Fix a particular Origin, attacker A and let S be the set of ASes deploying BGPSEC Sprint 4323 2828 A S = Siemens | Happy(S, A, Origin) | = 3 ¡ Origin prefix prefix The set of ASes choosing a legitimate route is Happy S , , A Origin prefix ¡ 27 ¡

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

DIMACS Workshop On Secure Routing March 10, 2010 How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing Protocols? $ $ Sharon Goldberg Microsoft Research & Boston University y Michael Schapira

701 views • 54 slides
How Secure and Quick is QUIC? Provable Security and Performance Analyses Robert Lychev * , Samuel

How Secure and Quick is QUIC? Provable Security and Performance Analyses Robert Lychev * , Samuel

How Secure and Quick is QUIC? Provable Security and Performance Analyses Robert Lychev * , Samuel Jero + , Alexandra Boldyreva * , and Cristina Nita-Rotaru ++ * Georgia Institute ++ Northeastern + Purdue of T echnology University University 1

536 views • 31 slides
Let the Market Drive Deployment A Strategy for Transitioning to BGP Security Phillipa Gill

Let the Market Drive Deployment A Strategy for Transitioning to BGP Security Phillipa Gill

SIGCOMM 2011 Toronto, ON Aug. 16, 2011 Let the Market Drive Deployment A Strategy for Transitioning to BGP Security Phillipa Gill University of Toronto Michael Schapira Sharon Goldberg Princeton University Boston University Incentives for

491 views • 31 slides
Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton

Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton

Jobtalk Securing Internet Routing Securing Internet Routing $ Local ISP Sharon Goldberg g Princeton University Based on work with: Based on work with: Boaz Barak, Shai Halevi, Aaron Jaggard, Vijay Ramachandran, Jennifer Rexford, Eran

1.12k views • 42 slides
Identification of Transliterated Foreign Words in Hebrew Script Yoav Goldberg Michael Elhadad

Identification of Transliterated Foreign Words in Hebrew Script Yoav Goldberg Michael Elhadad

Introduction Method Evaluation and Results Summary Identification of Transliterated Foreign Words in Hebrew Script Yoav Goldberg Michael Elhadad CiCLing 2008, Haifa, Israel Yoav Goldberg, Michael Elhadad Foreign Word Identification

921 views • 69 slides
Interdomain Routing and Games Hagay Levin Michael Schapira Aviv Zohar Abstract We

Interdomain Routing and Games Hagay Levin Michael Schapira Aviv Zohar Abstract We

Interdomain Routing and Games Hagay Levin Michael Schapira Aviv Zohar Abstract We present a game-theoretic model that captures many of the intricacies of interdomain routing in todays Internet. In this model, the strategic agents are

429 views • 17 slides
HMM Can Find Pretty Good POS Taggers (When Given a Good Start) Yoav Goldberg Meni Adler Michael

HMM Can Find Pretty Good POS Taggers (When Given a Good Start) Yoav Goldberg Meni Adler Michael

Introduction Initial Conditions For POS Tagging Experiments HMM Can Find Pretty Good POS Taggers (When Given a Good Start) Yoav Goldberg Meni Adler Michael Elhadad university-logo ACL 2008, Columbus, Ohio Yoav Goldberg, Meni Adler, Michael

725 views • 45 slides
MaxLength Considered Harmful to the RPKI Yossi Gilad, Omar Sagga , Sharon Goldberg Boston

MaxLength Considered Harmful to the RPKI Yossi Gilad, Omar Sagga , Sharon Goldberg Boston

MaxLength Considered Harmful to the RPKI Yossi Gilad, Omar Sagga , Sharon Goldberg Boston University Outline Background How does BGP work? How does RPKI work? What is the maxLength? How maxLength causes problems

741 views • 34 slides
Michael Goldberg University of Cincinnati AMS National Meeting, Baltimore, MD. January 18, 2014.

Michael Goldberg University of Cincinnati AMS National Meeting, Baltimore, MD. January 18, 2014.

Bochner-Riesz Estimates for Functions with Vanishing Fourier Transform Michael Goldberg University of Cincinnati AMS National Meeting, Baltimore, MD. January 18, 2014. Support provided by Simons Foundation grant #281057. Motivation: When does

680 views • 16 slides
32 nd Annual Goldberg Family Lecture and Special 50 th Anniversary Lecture September 23, 2016 1

32 nd Annual Goldberg Family Lecture and Special 50 th Anniversary Lecture September 23, 2016 1

9/ 26/ 2016 32 nd Annual Goldberg Family Lecture and Special 50 th Anniversary Lecture September 23, 2016 1 Emanuel and Nathalie Goldberg 1 9/ 26/ 2016 Goldberg Family Lectures, 1985 2016 1985 Sir Roger Baninster, M.D. 2001 Michael

243 views • 3 slides
Inspecting the Structural Biases of Dependency Parsing Algorithms Yoav Goldberg and Michael

Inspecting the Structural Biases of Dependency Parsing Algorithms Yoav Goldberg and Michael

Inspecting the Structural Biases of Dependency Parsing Algorithms Yoav Goldberg and Michael Elhadad Ben Gurion University CoNLL 2010, Sweden There are many ways to parse a sentence There are many ways to parse a sentence Transition Based

1.06k views • 81 slides
A rvin Goldberg rvin Goldberg rvin Goldberg rvin Goldberg A rvin Goldberg rvin Goldberg rvin

A rvin Goldberg rvin Goldberg rvin Goldberg rvin Goldberg A rvin Goldberg rvin Goldberg rvin

A rvin Goldberg rvin Goldberg rvin Goldberg rvin Goldberg A rvin Goldberg rvin Goldberg rvin Goldberg rvin Goldberg A A A A A A Senior VP, Strategic Business Units Senior VP, Strategic Business Units Merchandising Merchandising

973 views • 15 slides
splitSVM: Fast, Space-Efficient, non-Heuristic, Polynomial Kernel Computation for NLP

splitSVM: Fast, Space-Efficient, non-Heuristic, Polynomial Kernel Computation for NLP

splitSVM: Fast, Space-Efficient, non-Heuristic, Polynomial Kernel Computation for NLP Applications Yoav Goldberg Michael Elhadad university-logo ACL 2008, Columbus, Ohio Yoav Goldberg, Michael Elhadad splitSVM: Fast SVM Decoder

288 views • 12 slides
Explicit Expanding Expanders as Datacenter Topologies Michael Dinitz Johns Hopkins University

Explicit Expanding Expanders as Datacenter Topologies Michael Dinitz Johns Hopkins University

Explicit Expanding Expanders as Datacenter Topologies Michael Dinitz Johns Hopkins University Based on joint work with Michael Schapira, Gal Shahaf, and Asaf Valadarsky (Hebrew University of Jerusalem) Outline Question: how should we wire

937 views • 90 slides
Impacting IP Address Reachability via RPKI Manipulations Kyle Brogle Danny Cooper Sharon

Impacting IP Address Reachability via RPKI Manipulations Kyle Brogle Danny Cooper Sharon

BFOC13. Boston University Impacting IP Address Reachability via RPKI Manipulations Kyle Brogle Danny Cooper Sharon Goldberg Leonid Reyzin Princeton University Boston University How Secure is Internet Routing Today? (1) I am

375 views • 14 slides
Network Time Protocol (NTP) server client Aanchal Malhotra Isaac E. Cohen, Erik Brakke Sharon

Network Time Protocol (NTP) server client Aanchal Malhotra Isaac E. Cohen, Erik Brakke Sharon

NDSS, 2016 Attacking the Network Time Protocol (NTP) server client Aanchal Malhotra Isaac E. Cohen, Erik Brakke Sharon Goldberg Outline of the talk Background How does NTP work? How does NTP client take time? Our attacks

497 views • 16 slides
DECEPTIONS hosted by: IN CMBS SPEAKERS Ann Hambly President & CEO 1st Service Solutions

DECEPTIONS hosted by: IN CMBS SPEAKERS Ann Hambly President & CEO 1st Service Solutions

free Webinar DECEPTIONS hosted by: IN CMBS SPEAKERS Ann Hambly President & CEO 1st Service Solutions Commercial Real Estate Advisors Commercial real estate is no longer a relationship business. Owners often dont have access to, or

500 views • 34 slides
mitigate the effects of the Stefan Ingves coronavirus on the Governor of Sveriges Riksbank

mitigate the effects of the Stefan Ingves coronavirus on the Governor of Sveriges Riksbank

How the Riksbanks measures are helping to mitigate the effects of the Stefan Ingves coronavirus on the Governor of Sveriges Riksbank economy The Riksbank, 3 April 2020 Everything has changed in two weeks Unusual yet still typical

462 views • 7 slides
Building Codes Building Codes Building Codes Building Codes 1 1 Builder Responsibilities

Building Codes Building Codes Building Codes Building Codes 1 1 Builder Responsibilities

Building Codes Building Codes Building Codes Building Codes 1 1 Builder Responsibilities Builder Responsibilities Load & Code Data Load & Code Data Supplied by the Builder Supplied by the Builder Verify

1.33k views • 103 slides
Economic Injury Disaster Loan- SIMPLIFIED Your MS Small Business Development Center We are HERE-

Economic Injury Disaster Loan- SIMPLIFIED Your MS Small Business Development Center We are HERE-

Economic Injury Disaster Loan- SIMPLIFIED Your MS Small Business Development Center We are HERE- We can HELP Economic Injury Disaster Loans (EIDL) We are working diligently to meet customer demand for the EIDL and make the process as

507 views • 31 slides
Estimating Macroeconomic Models of Financial Crises: An Endogenous Regime-Switching Approach

Estimating Macroeconomic Models of Financial Crises: An Endogenous Regime-Switching Approach

Introduction Model Solution and Estimation Results Conclusion Estimating Macroeconomic Models of Financial Crises: An Endogenous Regime-Switching Approach Gianluca Benigno 1 Andrew Foerster 2 Christopher Otrok 3 Alessandro Rebucci 4 1 London

433 views • 30 slides
SBA As Di Disaster De Decla larati tion Ma Make kes L Loans Av Availa lable le

SBA As Di Disaster De Decla larati tion Ma Make kes L Loans Av Availa lable le

SBA As Di Disaster De Decla larati tion Ma Make kes L Loans Av Availa lable le Due Due to to the the Co Coronav avirus ( (CO COVI VID-19) 9) The U.S. Small Business Administration (SBA) is offering designated states and

649 views • 16 slides
IP-XACT for IP providers Arteris IP example case IPSoC Conference, December 2019 12/11/2019 1

IP-XACT for IP providers Arteris IP example case IPSoC Conference, December 2019 12/11/2019 1

IP-XACT for IP providers Arteris IP example case IPSoC Conference, December 2019 12/11/2019 1 Agenda For all types of IPs: Plug-and-play integration for your customers Generation of collateral from IP-XACT Deliverables

701 views • 16 slides
The International Medium of Exchange Ryan Chahrour and Rosen Valchev (Boston College) Discussion

The International Medium of Exchange Ryan Chahrour and Rosen Valchev (Boston College) Discussion

The International Medium of Exchange Ryan Chahrour and Rosen Valchev (Boston College) Discussion by: Martin Wolf (U Vienna) June 2019 What the paper does Propose a theory of endogenous coordination on the international medium of exchange 1/9

927 views • 20 slides

More recommend