Lecture 27 Page 1 Advanced Network Security Routing Security Advanced Network Security Peter Reiher August, 2014.

Lecture 27Page 1Advanced Network Security

Routing Security Advanced Network Security

Peter ReiherAugust, 2014

Lecture 27Page 2Advanced Network Security

Outline

• How to secure routing protocols

• BGP security

• Securing other styles of routing protocols

Lecture 27Page 3Advanced Network Security

Routing Security

• Routing protocols control how packets flow through the Internet

• If they aren’t protected, attackers can alter packet flows at their whim

• Most routing protocols were not built with security in mind

Lecture 27Page 4Advanced Network Security

Routing Protocol Security Threats

• Threats to routing data secrecy– Usually not critical

• Threats to routing protocol integrity– Very important, since tampering with

routing integrity can be bad• Threats to routing protocol availability

– Potential to disrupt Internet service

Lecture 27Page 5Advanced Network Security

What Could Really Go Wrong?

• Packets could be routed through an attacker• Packets could be dropped

– Routing loops, blackhole routing, etc.• Some users’ service could be degraded• The Internet’s overall effectiveness could be

degraded– Slow response to failures– Total overload of some links

• Many types of defenses against other attacks presume correct routing

Lecture 27Page 6Advanced Network Security

Where Does the Threat Occur?

• At routers, mostly• Most routers are well-protected

– But . . .– Several vulnerabilities have been

found in routers• Also, should we always trust those

running routers?

Lecture 27Page 7Advanced Network Security

Different Types of Routing Protocols

• Link state– Tell everyone the state of your links

• Distance vector– Tell nodes how far away things are

• Path vector– Tell nodes the complete path between

various points• On demand protocols

– Figure out routing once you know you two nodes need to communicate

Lecture 27Page 8Advanced Network Security

Popular Routing Protocols

• BGP– Path vector protocol used in core Internet

routing– Arguably most important protocol to secure

• RIP– Distance vector protocol for small networks

• OSPF• ISIS• Ad hoc routing protocols

Lecture 27Page 9Advanced Network Security

Fundamental Operations To Be Protected

• One router tells another router something about routing

– A path, a distance, contents of local routing table, etc.

• A router updates its routing information

• A router gathers information to decide on routing

Lecture 27Page 10Advanced Network Security

Protecting BGP

• BGP is probably the most important protocol to protect

• Handles basic Internet routing

• Works at autonomous system (AS) level

– Rather than router level

Lecture 27Page 11Advanced Network Security

BGP Issues

• BGP is spoken (mostly) between routers in autonomous systems

• On direct network links to their partner

• Over TCP sessions that are established with known partners

• Isn’t that enough to give reasonable security?

Lecture 27Page 12Advanced Network Security

Basic BGP Security Issue

A B C D E

F G

1.2.3.*

A wants to tell everyone how to get to 1.2.3.*

1.2.3.*A

1.2.3.*A

1.2.3.*B,A 1.2.3.*C,B,A 1.2.3.*D,C,B,A

What do we need to protect?

Lecture 27Page 13Advanced Network Security

Well, What Could Go Wrong?

A B C D E

F G

1.2.3.*A

What if A doesn’t own

1.2.3.*?What if router A isn’t authorized

to advertise 1.2.3.*?

What if router D alters the path?

1.2.3.*D,F

Lecture 27Page 14Advanced Network Security

How Do We Solve These Problems?

• Advertising routers must prove ownership and right to advertise

• Paths must be signed by routers on them

• Must avoid cut-and-paste attacks

• And replay attacks

Lecture 27Page 15Advanced Network Security

S-BGP

• A protocol designed to solve most of the routing security issues for BGP

• Intended to be workable with existing BGP protocol

• Key idea is to tie updates to those who are allowed to make them

– And to those who build them

Lecture 27Page 16Advanced Network Security

Some S-BGP Constraints

• Can’t change BGP protocol

– Or packet format

• Can’t have messages larger than max BGP size

• Must be deployable in reasonable way

Lecture 27Page 17Advanced Network Security

An S-BGP Example

A B C D E

F G

1.2.3.*

1.2.3.*A

How can B know that A should

advertise 1.2.3.*?

A can provide a certificate proving

ownership

Lecture 27Page 18Advanced Network Security

Securing BGP Updates

A B C D E

F G

1.2.3.*

A wants to tell everyone how to get to 1.2.3.*

What are these

signatures actually

attesting to?

1.2.3.*A 1.2.3.*B,A 1.2.3.*C,B,A 1.2.3.*D,C,B,A

Lecture 27Page 19Advanced Network Security

Who Needs To Prove What?

• A needs to prove (to B-E) that he owns the prefix

• B needs to prove (to C-E) that A wants the prefix path to go through B

• C needs to prove (to D-E) the same

• D needs to prove (to E) the same

Lecture 27Page 20Advanced Network Security

So What Does A Sign?

• A clearly must provide proof he owns the prefix

• He also must prove he originated the update

• And only A can prove that he intended the path to go through B

• So he has to sign for all of that

Lecture 27Page 21Advanced Network Security

Address Attestations in S-BGP

• These are used to prove ownership of IP prefix spaces

• IP prefix owner provides attestation that a particular AS can originate its BGP updates

• That AS includes attestation in updates

Lecture 27Page 22Advanced Network Security

Route Attestations

• To prove that path for a prefix should go through an AS

• The previous AS on the path makes this attestation

– E.g., B attests that C is the next AS hop

Lecture 27Page 23Advanced Network Security

How Are These Signatures Done?

• Via public key cryptography

• Certificates issued by proper authorities

– ICANN at the top

– Hierarchical below ICANN

• Certificates not carried with updates

– Otherwise, messages would be too big

– Off-line delivery method proposed

Lecture 27Page 24Advanced Network Security

Protecting Other Styles of Protocols

• Generally, how do you know you should believe another router?

• About distance to some address space• About reachability to some address

space• About other characteristics of a path• About what other nodes have told you

Lecture 27Page 25Advanced Network Security

How Routing Protocols Pass Information

• Some protocols pass full information– E.g., BGP– So they can pass signed information

• Others pass summary information– E.g., RIP– They use other updates to create new

summaries– How can we be sure they did so

properly?

Lecture 27Page 26Advanced Network Security

Who Are You Worried About?

• Random attackers?– Generally solvable by

encrypting/authenticating routing updates• Misbehaving insiders?

– A much harder problem– They’re supposed to make decisions– How do you know they’re lying?

Lecture 27Page 27Advanced Network Security

A Sample Problem

A

B C D E

F G

H

Assume a distance vector protocol

0

0

1.2.3.*

1

1 2

2 3 1

How can H tell someone lied?How can H tell that E lied?

Lecture 27Page 28Advanced Network Security

Types of Attacks on Distance Vector Routing Protocols

• Blackhole attacks– Claim short route to target

• Claim longer distance– To avoid traffic going through you

• Inject routing loops– Which cause traffic to be dropped

• Inject lots of routing updates– Generally for denial of service

Lecture 27Page 29Advanced Network Security

How To Secure a Distance Vector Protocol?

• Can’t just sign the hop count

– Not tied to the path

• Instead, sign a length and a “second-to-last” router identity

• By iterating, you can verify path length

Lecture 27Page 30Advanced Network Security

An Example

A

B C D E

F G

H1.2.3.*

H needs to build a routing table

entry for 1.2.3.*Should show hop count of 3 via G,

5 via E

Lecture 27Page 31Advanced Network Security

One Way to Do It

A

B C D E

F G

H

H directly verifies that it’s one hop to E

D 2 E

C 3 D

B 4 C

A 5 B

H gets signed info that D is 2 hops through E

Then we iterate

Now we can trust it’s five hops to A

Lecture 27Page 32Advanced Network Security

Who Does the Signing?

• The destination

– A in the example

• It only signs the unchanging part

– Not the hop count

• But an update eventually reaches H that was signed by A

Lecture 27Page 33Advanced Network Security

What About That Hop Count?

• E could lie about the hop count

• But he can’t lie that A is next to B

• Nor that B next to C, nor C next to D, nor D next to E

• Unless other nodes collude, E can’t claim to be closer to A than he is

Lecture 27Page 34Advanced Network Security

What If Someone Lies?

A

B C D E

F G

H

There’s limited scope for effective lies

E can’t claim to be closer to A

Since E can’t produce a routing update signed by A

that substantiates that

D 2 E

C 3 D

B 4 C

A 5 B

Lecture 27Page 35Advanced Network Security

A Difficulty

• This approach relies on a PKI• H must be able to check the various

signatures• Breaks down if someone doesn’t sign

– That’s a hole in the network, from the verification point of view

– Consider, in example, what happens if C doesn’t sign

Lecture 27Page 36Advanced Network Security

What If C Doesn’t Sign?

A

B C D E

F G

HD 2 E

C 3 D

B 4 C

A 5 BA message coming through D tells us that it’s three hops to C

But H can’t verify that H knows C is next to B And that B is next to A

But how can he be sure D is next to C?

Other than trusting D . . .

Lecture 27Page 37Advanced Network Security

What’s the Problem?

A

B C D E

F G

HD 2 E

C 3 D

B 4 C

A 5 BFor this graph, no problem

A

B C D E

F G

H

But how about for this one?

Lecture 27Page 38Advanced Network Security

Conclusions

• The proper behavior of our networks depends on proper routing

• Many types of attacks enabled by improper routing

• All the important routing protocols lack good security

• New versions concentrate on ensuring integrity and authenticity of routing info