A Survey of BGP Security Review

Similar documents
A Survey of BGP Security: Issues and Solutions

A Look Back at Security Problems in the TCP/IP Protocol Suite Review

A Security Evaluation of DNSSEC with NSEC Review

Securing BGP Networks using Consistent Check Algorithm

Routing Security Security Solutions

Security Issues of BGP in Complex Peering and Transit Networks

Security in inter-domain routing

Secure Frame Communication in Browsers Review

Robust Defenses for Cross-Site Request Forgery Review

A Survey of BGP Security Issues and Solutions

CIS 5373 Systems Security

CNT Computer and Network Security: BGP Security

Securing BGP. Geoff Huston November 2007

On the State of the Inter-domain and Intra-domain Routing Security

A PKI For IDR Public Key Infrastructure and Number Resource Certification

Lecture 6. Internet Security: How the Internet works and some basic vulnerabilities. Thursday 19/11/2015

CSc 466/566. Computer Security. 18 : Network Security Introduction

Internet Infrastructure

Topic 3 part 2 Traffic analysis; Routing Attacks &Traffic Redirection Fourth Stage

J. A. Drew Hamilton, Jr., Ph.D. Director, Information Assurance Laboratory and Associate Professor Computer Science & Software Engineering

Internet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.

Routing Security. Professor Patrick McDaniel CSE545 - Advanced Network Security Spring CSE545 - Advanced Network Security - Professor McDaniel

Interdomain Routing Security (BGP-4)

Routing and router security in an operator environment

Using MSDP to Interconnect Multiple PIM-SM Domains

CSC 574 Computer and Network Security. TCP/IP Security

CS519: Computer Networks. Lecture 4, Part 5: Mar 1, 2004 Internet Routing:

CSE 565 Computer Security Fall 2018

Network Forensics Prefix Hijacking Theory Prefix Hijacking Forensics Concluding Remarks. Network Forensics:

IPv6 Security Vendor Point of View. Eric Vyncke, Distinguished Engineer Cisco, CTO/Consulting Engineering

When the Lights go out. Hacking Cisco EnergyWise. Version: 1.0. Date: 7/1/14. Classification: Ayhan Koca, Matthias Luft

BGP Security. Kevin s Attic for Security Research

Module: Routing Security. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security

The information in this document is based on Cisco IOS Software Release 15.4 version.

Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade Review

Routing Security* CSE598K/CSE545 - Advanced Network Security Prof. McDaniel - Spring * Thanks to Steve Bellovin for slide source material.

Interdomain routing CSCI 466: Networks Keith Vertanen Fall 2011

Routing Protocols. Autonomous System (AS)

Adopting Innovative Detection Technique To Detect ICMPv6 Based Vulnerability Attacks

Introduction. Keith Barker, CCIE #6783. YouTube - Keith6783.

A Configuration based Approach to Mitigating Man-inthe-Middle Attacks in Enterprise Cloud IaaS Networks running BGP

Inter-AS routing. Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley

Network Security. Evil ICMP, Careless TCP & Boring Security Analyses. Mohamed Sabt Univ Rennes, CNRS, IRISA Thursday, October 4th, 2018

Computer Communication Networks Network Security

Information Security CS 526

IPv6 Traffic Hijack Test System and Defense Tools Using DNSSEC

ANALYSIS OF INTRUSION DETECTION SYSTEM (IDS) IN BORDER GATEWAY PROTOCOL

Cryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur

Inter-domain routing validator based spoofing defence system

Computer Networks ICS 651. IP Routing RIP OSPF BGP MPLS Internet Control Message Protocol IP Path MTU Discovery

An Operational Perspective on BGP Security. Geoff Huston February 2005

EECS 3214 Final Exam Winter 2017 April 19, 2017 Instructor: S. Datta. 3. You have 180 minutes to complete the exam. Use your time judiciously.

Border Gateway Protocol - BGP

R (2) Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing.

Network Security and Cryptography. December Sample Exam Marking Scheme

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Network Security - ISA 656 IPsec IPsec Key Management (IKE)

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism

A Framework for Resilient Internet Routing Protocols

TBGP: A more scalable and functional BGP. Paul Francis Jan. 2004

Internetwork Expert s CCNA Security Bootcamp. Common Security Threats

Distributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013

Network Security - ISA 656 Routing Security

Routing Security DDoS and Route Hijacks. Merike Kaeo CEO, Double Shot Security

VoIP Security Threat Analysis

Security issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.

Internet Protocol and Transmission Control Protocol

Computer Science 461 Final Exam May 22, :30-3:30pm

Securing ARP and DHCP for mitigating link layer attacks

Computer Networks. Wenzhong Li. Nanjing University

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to

On the Internet, nobody knows you re a dog.

IPSec. Slides by Vitaly Shmatikov UT Austin. slide 1

Architectural Approaches to Multi-Homing for IPv6

Computer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1415/ Chapter 16: 1

Chapter 4: Advanced Internetworking. Networking CS 3470, Section 1

Network Security. Thierry Sans

(2½ hours) Total Marks: 75

L13. Reviews. Rocky K. C. Chang, April 10, 2015

1536 IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, VOL. 22, NO. 9, SEPTEMBER 2011

Cisco Implementing Cisco IP Routing v2.0 (ROUTE)

Secure Neighbor Discovery. By- Pradeep Yalamanchili Parag Walimbe

CSC 4900 Computer Networks: Routing Protocols

The Contemporary Internet p. 3 Evolution of the Internet p. 5 Origins and Recent History of the Internet p. 5 From ARPANET to NSFNET p.

IPSec. Overview. Overview. Levente Buttyán

Configuring OSPF TTL Security Check and OSPF Graceful Shutdown

Module 6 Implementing BGP

IS-2150/TEL-2810 Introduction to Computer Security Quiz 2 Thursday, Dec 14, 2006

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Int ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28

Ravi Chandra cisco Systems Cisco Systems Confidential

Routing on the Internet. Routing on the Internet. Hierarchical Routing. Computer Networks. Lecture 17: Inter-domain Routing and BGP

Configuring NAT for IP Address Conservation

Inter-networking. Problem. 3&4-Internetworking.key - September 20, LAN s are great but. We want to connect them together. ...

Initial motivation: 32-bit address space soon to be completely allocated. Additional motivation:

Cisco CCNP ROUTE: Implementing Cisco IP Routing (ROUTE) 2.0. Upcoming Dates. Course Description. Course Outline

A Framework for Optimizing IP over Ethernet Naming System

Internetworking Part 2

Chapter 12 Network Protocols

TCP/IP Networking. Training Details. About Training. About Training. What You'll Learn. Training Time : 9 Hours. Capacity : 12

Transcription:

A Survey of BGP Security Review Network Security Instructor:Dr. Shishir Nagaraja Submitted By: Jyoti Leeka November 16, 2011 1 Introduction to the topic and the reason for the topic being interesting Border Gateway protocol(bgp) is a routing protocol used for exchanging routing information among Autonomous Systems. A single organization is responsible for managing its autonomous system. BGP is one of the most widely used protocol. However security issues have not been sufficiently dealt with in Border Gateway Protocol which at times leads to serious failures. The topic is interesting as this topic discusses the security issues pertaining to Border Gateway Protocol, which is critical for the smooth functioning of internet. 2 Questions that the paper asks and how are those questions interesting The paper discusses the weaknesses of Border Gateway Protocol and explores the various solutions proposed. The question is interesting as considering the importance of Border Gateway protocol for the smooth functioning of internet, the proposed solutions for providing security must be examined and compared. 3 How does it answer the questions In order to answer the question the author first explains the mechanism of interdomain routing. Border Gateway protocol(bgp) is a routing protocol used for exchanging routing information among Autonomous Systems. Autonomous systems are of three types, namely: 1. Stub Autonomous Systems: Stub AS is the system which is connected to only one other AS. 2. Multihomed Autonomous System: Multihomed Autonomous System is similar to Stub Autonomous System but it is connected to many other ASs. 3. Transit Autonomous System: Transit AS allow routing through itself to other ASs. The routers which exchange routing information with their peer Autonomous Systems using BGP is called BGP speaker. BGP uses TCP protocol for exchanging this information. Each AS consists of hosts whose information is exchanged by the routers using UPDATE messages which contain the prefixes and paths. Since BGP uses the advertised paths to make routing decisions, hence it is known as a path vector protocol. The Autonomous System numbers and IP addresses is assigned to Autonomous Systems by ICANN. Each Autonomous System follows a routing policy used for filtering, based on the quality of service that it intends to provide and its business strategy. The threat model used in the paper is discussed below: 1

1. One of the routers which is exchanging malicious information may be malicious. This case is discussed below: (a) Let us assume the two routers which are communicating be Alice and Bob. And a passive adversary eavesdrops on the channel over which they are communicating, due to this the communication between Alice and Bob is no longer confidential. (b) Between the two communicating routers an active adversary may either add messages, delete messages or may change the content of the messages. Also an active adversary may replay the packets in order to confuse the routers. (c) The adversary may send malicious messages to either of the communicating routers in order to terminate the session. They may be achieved by sending OPEN or NOTIFI- CATION messages between an established session. 2. An adversary may carry out an attack which affects routers separated by a huge distance. This kind of attack is discussed below: (a) An attacker owning an Autonomous System may attack by prefix hijacking, that is the attacker may advertise that it is responsible for managing the advertised prefixes, and hence route the packets destined for the honest Autonomous System through it. If the attacker owned malicious system absorbs the packets, then this is called Black Hole. Another method to spread false routing information is known as prefix hijacking. In this the attacker advertises a longer prefix than the prefix advertised by the honest Autonomous System. In this way it exploits the longest prefix matching property of BGP, this in turn introduces wrong routes in the network. (b) Since BGP protocol uses path vectors for routing, hence a malicious adversary may change these stored path vectors by advertising wrong PATHS in the UPDATE messages. (c) The adversary may also launch a denial of service attack. This an be accomplished by either absorbing the packets destined for a particular Autonomous System. Also since BGP uses TCP hence it is also vulnerable to the denial of service attacks which are caused due to the vulnerabilities in TCP. This an attacker may exploit by flooding the network with synchronization packets, and thus causing the attacked router to either run out of state or crash. Once a router crashes and comes back online again, it has to configure its routing tables again. This is accomplished by the neighboring routers sending routing information to the crashed routers, this and the attackers packets overloads the routers, which may crash again. If this happens again and again then the routes that it manages will continue appearing and disappearing in the routing tables. This is called route flapping. If route flapping occurs again and again then the routes advertised by the router are dropped by the other routers for a particular period of time. This is called route dampening. BGP is also vulnerable to smurf attacks, which are caused due the network being flooded with ICMP echo messages. (d) Also an attacker may misconfigure a router in order to launch an attack. This may be accomplished in the following ways: i. By allowing external routes to be directed to the internal routers, this causes the internal routers to be flooded. ii. By advertising a longer prefix, in order to redirect the packets towards itself. BGP is prone to attack because of the below mentioned weaknesses in the BGP protocol: 1. BGP does not check to see that the message has not been modified, the receiver has received the recently sent message and not a replay of the message, and that the message has been sent by an honest autonomous system. 2. BGP does not check that the routing information has been sent by an authorized autonomous system. 2

3. BGP does not check the path attribute in the UPDATE messages. As a result of the attack, an attacker may successfully absorb the packets destined for a particular Autonomous system, or an attacker may route the packets destined for an honest autonomous system through itself, hence capturing sensitive information like passwords. Also an attacker may cripple a major part of the internet for a few hours by launching denial of service attacks. In order to prevent these attacks some of the protection mechanisms are described below: 1. Current protection mechanism employed in BGP: Since BGP uses TCP. Hence the MAC of the BGP data, can be used to ensure authenticity and integrity of the message. The disadvantage of using MACs is the requirement of sharing a secret key between two communicating hosts. Since the complexity required for this is O(n 2 ), hence this is not an efficient method. Some of the other methods employed are discussed below: (a) In order to prevent the attacks IPsec may be employed, which encrypts and authenticates the headers and data for providing security. In order to manage keys it employs IPsec Internet Security Association and Key Management, which employs Diffie-Hillman protocol using RSA. (b) In order to prevent the attacks Generalized TTL security mechanism may be employed. This mechanism makes use of the fact that the routing information is primarily exchanged between routers which are located nearby. Hence it sets the TTL field to 255, it checks the TTL field value again at the destination router, if this value comes out to be lesser than 254, then the packet is discarded as it violates the hypothesis of the protocol. (c) The destination router may employ policies to filter out malicious routing information. But filtering the malicious routes in this way is build by learning from the previous attacks, hence new attacks may go unnoticed. (d) The routers maintain routing repositories containing the routing strategy. In order to verify the received routing information, the routers send their route related questions to the sending routers routing repository. However since it gives the routers the ability to query the sending routers, hence by repeatedly querying the sending routers, the other routers may get to know about its configuration, which may be against the routing policies of the sending router. 2. In order to provide security for routers employing BGP, the following proposed architectures may be employed: (a) Secure BGP architecture: In secure BGP architecture the routing information is signed with the private key of the sending router and the receiving router verifies this information by using the public key of the sending router. Secure BGP employs public key infrastructure in the below mentioned scenarios: i. For verifying the allocated addresses. ii. For associating the autonomous systems and routers to a particular organization. Since in secure BGP the routing information is verified between the senders and the receivers, and taking into consideration the number of routers and data which needs to be transmitted, the complexity of employing this type of technique is high. There are two types of attestations which are used in BGP, they are mentioned below: i. Address attestation: When a router advertises its set of prefixes, these prefixes are verified, that they are indeed being advertised honest autonomous systems. ii. Route Attestations: In route attestations the path values set in UPDATE messages are verified. (b) Secure Origin BGP: Secure origin BGP the routing information is signed with the private key of the sending router and the receiving router verifies this information with this information with the public key of the sending router. Secure Origin BGP uses the below mentioned types of certificates: 3

i. A certificate associating public key with that of the router. ii. A certificate containing the routing strategy. iii. A certificate for verifying the addresses allocated to a particular router. In order to verify the routes contained in the UPDATE messages, the certificate containing the routing strategy is employed. In order to reduce the complexity of verifying the certificates, the routers before starting the BGP session store the authenticated routing information. (c) Interdomain Route Validation: In order to verify the received information, the interdomain route validation servers of the sending Autonomous Systems are queried. In order to secure the information which is communicated between the received routers and the interdomain route validation servers secure protocols like IPSec are employed. In order to reduce the time to query the information, caching of the previously received information may be employed. 3. Some of the approaches which can be used to provide security in BGP are mentioned below: (a) One of the previous work in order to provide security was done by Smith and Garcia- Luna-Aceves. Their approach comprised of the following two ideas: i. The BGP data is encrypted and sequence number is given to it. ii. The UPDATE messages in the BGP protocol are allocated a sequence number and are digitally signed. (b) IDRP Countermeasures: Some of the protection mechanism which were employed in the previously proposed IDRP protocol can be employed in BGP. Some of them being, including a checksum of the routing information and encrypting it before transmitting it. (c) Hop Integrity Protocols: Gouda et. al proposed protocols for ensuring hop integrity, these protocols employ sequence numbers and MACs, where keys are exchanged using Diffie-Hellman protocol. (d) MOAS Detection and Mitigation: In case of multiple origin Autonomous Systems, the set of authorized ASs is attached to community attribute. Now when a prefix is advertised by an Autonomous System, this list can be consulted to verify its validity. (e) Origin Authentication: In order to verify that the prefix advertised by a particular Autonomous System is valid, cryptographic validation is employed. Pretty Secure BGP verifies the advertised prefixes using digital certificates and verifying the the certificates with the help of public keys. In this the certificates are verified in a distributed manner by making prefix assertion lists (PALs), containing the neighboring systems and their prefixes. And in order to perform authentication these PALs are consulted. The author mentions the below mentioned ways of assessing BGP security: 1. Providing protection for peer attacks: Since peers attack by changing BGP messages, such an attack can be avoided by performing encryption by employing IPSEC. Among the protocols discussed above IPSEC protection is provided by S-BGP, sobgp and IRV. IPSEC authentication header protects against Replay of packets, denial of service prevention and also helps preserve integrity of the message. The protection measure proposed by Smith et, al. performs encryption and use sequence numbers to provide authentication, it also protects the integrity, confidentiality and also protects from replay of packets, but does not protect from denial of service attacks. The protection provided by GTSM is effective against attackers who are not immediate peers of the current host. However, GTSM s measure is not effective to preserve the integrity and confidentiality of the message and also does not offer protection from replay attacks and denial of service attacks. 2. The ways for providing protection from wide reaching attacks is given below: 4

(a) Protection from an attacker who fakes the origin of the message, is provided in Secure- BGP, as it employs a public key infrastructure to provide address authentication. In order to authenticate the address the receiving host follows the chain of the certificates up to ICANN. An optimized scheme of address attestation for Secure BGP and Secure origin BGP was given by Aiello et. al. Two main features unveiled by his scheme are given below: i. 70-90% of the address prefixes were observed to remain stable for six months. ii. Only few organizations are responsible for delegating the address space. (b) Since BGP is a path vector protocol so the ways of protecting the path vector field are given below: i. The path vector protection offered by Secure Border Gateway Protocol incurs a lot of time and space complexity. ii. In order to verify the path vectors from autonomous systems IRV server, IRV protocol needs proper network connectivity. This presents problems in case of interruption of service, this problem can be done away with by employing optimistic routing. iii. Secure origin protocol verifies the received routes from the network topology databases. iv. The authentication procedure proposed by Hu et. al. employs the notion that a malicious autonomous system can not manipulate the path vectors included by the previous autonomous systems, thus it promises path vector integrity. 3. Assessment of the methods for providing security are given below: (a) Assessment of Secure Border Gateway Protocol: Secure border gateway protocol provides the an almost complete security solution. Its drawbacks include its increased space and time complexity. (b) Secure origin Border Gateway Protocol verifies the received path vectors from the network topology database, it is more flexible than secure border gateway protocol. However secure origin border gateway protocol is not robust against manipulations caused by hosts sitting in the middle. Expected paths in Border Gateway Protocol security research are given below: 1. The author suggests that selecting the correct implementation method for any protocol is important for its success. For this Pei et.al. suggested a scheme for performing routing within autonomous systems and between autonomous systems. Here routing is performed by first verifying the meaning of the fields and by applying cryptographic protection. 2. Cryptographic techniques like digital signatures can be used to securely perform Border Gateway Protocol routing. 3. It becomes important in routing protocols to identify attacking hosts. The author suggests that the best way is to detect attacks before they can happen. 4 Methodology used to investigate the paper The author investigates the paper by first enlisting the vulnerabilities of BGP and then exploring and comparing various BGP security solutions. 5 What I learned from the paper From this paper I learned the various solutions proposed for providing security in Border Gateway Protocol. 5

6 How the paper relates to previous work The paper relates to various BGP security solutions, these solutions have been discussed in the answers section. 7 Strengths of the paper I liked the following points in the paper: I liked the suggestion of the author that cryptographic techniques like digital signatures should be employed for improving BGP security. As techniques like digital signatures are helpful in authenticating the sender of the message, thus they greatly aid in improving network security. 8 Weaknesses of the paper I found the following weaknesses in the paper: In this paper the author merely compares the various BGP security solutions and finds that there is no solution which can perfectly eliminate the vulnerabilities present in BGP. But this conclusion of the author does not provide a solution for BGP security vulnerabilities. I think the author should have focused more on providing solution to the security need, rather than comparing them. 9 Results In this paper the author explores and compares various BGP security solutions, and finds that there is no solution which can perfectly eliminate the vulnerabilities present in BGP. 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback