1 / 16

Incrementally Deployable Security for Interdomain Routing (TTA-4, Type-I)

Incrementally Deployable Security for Interdomain Routing (TTA-4, Type-I). Jennifer Rexford, Princeton University Joan Feigenbaum, Yale University August, 2006. Overview: Insecure Internet Infrastructure. Border Gateway Protocol is important BGP is the glue that holds the Internet together

kenda
Download Presentation

Incrementally Deployable Security for Interdomain Routing (TTA-4, Type-I)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Incrementally Deployable Security for Interdomain Routing(TTA-4, Type-I) Jennifer Rexford, Princeton UniversityJoan Feigenbaum, Yale University August, 2006

  2. Overview: Insecure Internet Infrastructure • Border Gateway Protocol is important • BGP is the glue that holds the Internet together • BGP is extremely vulnerable • Easy to inject false information • Easy to trigger routing instability • Vulnerabilities are being exploited • Configuration errors and malicious attacks • Route hijacking, blackholes, denial-of-service, … • Changing to a secure protocol is hard • Can’t have a flag day to reboot the Internet

  3. Distributed detection RCP RCP RCP Overview: Incrementally Deployable Solution • Backwards compatibility • Work with existing routers and protocols • Incentive compatibility • Offer significant benefits, even to the first adopter Routing Control Platform tells routers how to forward traffic ASes can upgrade to secure interdomain routing protocol ASes with RCPs can cooperate to detect suspicious routes Use RCP to simplify management and enable new services … all while still using BGP to control the legacy routers Use RCP to detect (and avoid) suspicious routes Use BGP to communicate with the legacy routers Other ASes can deploy an RCP independently Inter-AS Protocol BGP AS 1 AS 2 AS 3

  4. Overview: Potential Security Impact • Breaking the “flag day” stalemate • Viable approach to incremental deployment • Backwards compatible with the legacy routers • Incentive-compatible with goals of each AS • Immediate benefits to participating ASes • Avoiding anomalous and suspicious routes • Secure routing with participating neighbors • Tipping point leads to ubiquitous deployment • Increasing incentives for ASes to participate • Ultimately, full deployment of secure protocol • Insights for other protocols (such as DNSSEC)

  5. Technical Accomplishments: Outline • Prototyping and deployment • Routing Control Platform (RCP) prototype • Virtual Network Infrastructure (VINI) platform • Anomaly detection techniques • Pretty Good BGP (PGBGP) • Update-clustering algorithms • Incremental deployability • Multi-path Interdomain ROuting (MIRO)

  6. Accomplishment #1: Prototyping & Deployment RCP • RCP prototype • Prototype as extension to XORP/Vyatta • Learns BGP routers from neighbor ASes • Selects a “best route” for each router per prefix • API for anomaly detection and path selection • Virtual Network Infrastructure (VINI) • Platform for demonstrating the RCP in operation • Shared WAN facility for network experimentation • Initial evaluation of the existing routing protocols • A step toward the NSF’s GENI backbone design AS 1

  7. Accomplishment #2: Anomaly Detection • Pretty Good BGP (PGBGP) • Maintain history of AS originating a prefix • Flag announcements with new AS as suspicious • Prefer “normal” routes over suspicious ones • Natural application to run on the RCP 3 2 5 12.34.0.0/16 12.34.0.0/16 4 1 prevent hijack

  8. Accomplishment #2: Anomaly Detection (Cont.) • Aggregation and analysis of route updates • A single event can trigger instability in routes to many destinations. High volume of updates makes this an MDS-algorithmic challenge. • Use statistical correlation to form clusters of routes that change frequently and (approx’ly) simultaneously. Provide tools to aid anomaly detection and root-cause diagnosis. • MDS clustering algorithms have been designed, implemented, and tested on RouteViews data. To be deployed in RCP.

  9. Accomplishment #3: Incremental Deployability • Multipath Interdomain Routing (MIRO) • Increase chance of learning a valid path • Availability providers advertise extra paths • Stub ASes direct packets on alternate paths • Design of the protocol • RCP application running in participating ASes • Packet encapsulation to send packets on paths • Evaluation of incremental deployment • Incremental deployment offers significant gains • Small set of large ASes see most of path diversity

  10. Milestones, Deliverables, Schedule RCP Prototype Routing Policy Anomaly Detection Secure Routing RCP prototype, and API to data-analysis engine Offline algorithms and upper bounds Identify today’s policies and select notation Evaluate incentive compatibility Focus thus far RCP with API to trust-management system Online analysis algorithm to detect anomalies Integrate policy language in trust management Quantify gains of a partial deployment For PGBGP and MIRO Deploy online algorithm; create distributed Deploy in trust management system Deployment of RCP in operational networks Investigate new secure inter-AS protocols

  11. Public Relations Activities • NANOG presentation • PGBGP talk at NANOG in June 2006 • Discovered deployment opportunity at IXNM • Interaction with ISPs and vendors • ISPs: AT&T, NLR, and Abilene • Vendors: XORP/Vyatta, Cisco, and Lucent • Natural focus for influencing interdomain routing • Research publications • Anomaly detection (IEEE ICNP’06, ACM CIKM’06) • VINI (ACM SIGCOMM’06) • MIRO (ACM SIGCOMM’06)

  12. Technology Transition Plans • RCP: Routing Control Platform • Initial discussions with Cisco on RCP • Continued collaboration with AT&T • Possible deployment path with Vyatta (start-up) • VINI: Virtual Network Infrastructure • Running on PlanetLab nodes in Abilene backbone • Deploying in six sites in National Lambda Rail • Planning dedicated bandwidth & ISP connectivity • A step toward the NSF’s GENI backbone design

  13. Technology Transition Plans (Continued) • PGBGP: Pretty Good BGP • Internet Alert Registry deployed and in use • Prototype in progress for IXNM exchange point • In discussion with Cisco about router support • … and using PGBGP to enable soBGP deployment • MIRO: Multipath Interdomain ROuting • In discussion with Cisco about router extensions • Many of the building blocks are already available • IP-in-IP encapsulation & “add paths” BGP feature

  14. Publication Activity: Published Papers • Prototyping and deployment • “In VINI veritas: Realistic and controlled network experimentation” (ACM SIGCOMM, 2006) • Anomaly detection • “Learning-based anomaly detection in BGP updates” (ACM SIGCOMM MineNet Workshop, 2005) • “A distributed reputation approach to cooperative Internet routing protection” (Workshop on Secure Network Protocols, 2005) • “Pretty Good BGP: Improving BGP by cautiously adopting routes” (IEEE International Conference on Network Protocols, 2006) • “Finding Highly Correlated Pairs Efficiently with Powerful Pruning” (ACM Conference on Information and Knowledge Management, 2006)

  15. Publication Activity: Published Papers (Cont) • Incrementally deployable security techniques • “Pretty Good BGP: Improving BGP by cautiously adopting routes" (IEEE International Conference on Network Protocols, 2006) • “Stealth probing: Efficient data-plane security for IP routing” (USENIX, May/Jun 06) • “MIRO: Multipath Interdomain ROuting” (ACM SIGCOMM, 2006) • Incentive-compatible routing protocols • "Distributed algorithmic mechanism design” (Algorithmic Game Theory, 2007) • "Incentive-compatible interdomain routing" (ACM Conference on Electronic Commerce, 2006) • BGP routing policies • “BGP policies in ISP networks” (IEEE Network, 2005)

  16. Cyber Security R&DIncrementally Deployable Security for Interdomain Routing Secure routing protocol • DESCRIPTION / OBJECTIVES / METHODS • Routing-Control Platform (RCP) • Selects routes on behalf of routers • Possible today on high-end PC • Incrementally deployable security • Speak BGP to the legacy routers • Detect and avoid suspicious routes • Update RCPs to use secure protocol RCP RCP BGP Network A Network B BUDGET & SCHEDULE • DHS/Cyber Security IMPACT • Internet-routing system is vulnerable • Core communication infrastructure • Very vulnerable to cyber attacks • Hard to have “flag day” for upgrades • Phased deployment of secure routing • Network manager deploys locally • Participating domains detect attacks • Neighbor domains upgrade protocol TASK FY05 FY06 FY07 RCP prototype Anomaly detection Policy manager Secure routing Total cost

More Related