J. A. Drew Hamilton, Jr., Ph.D. Director, Information Assurance Laboratory and Associate Professor Computer Science & Software Engineering

Similar documents
Lecture 13: Routing in multihop wireless networks. Mythili Vutukuru CS 653 Spring 2014 March 3, Monday

Why dynamic route? (1)

Security Issues In Mobile Ad hoc Network Routing Protocols

Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols

Inter-domain Routing. Outline. Border Gateway Protocol

Performance Metrics of MANET in Multi-Hop Wireless Ad-Hoc Network Routing Protocols

Unit 3: Dynamic Routing

ICS 351: Today's plan. OSPF BGP Routing in general

Inter-Domain Routing: BGP

TDC 363 Introduction to LANs

Basic Idea. Routing. Example. Routing by the Network

Internet Routing : Fundamentals of Computer Networks Bill Nace

Lecture 12. Introduction to IP Routing. Why introduction? Routing

Routing by the Network

Internetworking: Global Internet and MPLS. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806

Analysis of Black-Hole Attack in MANET using AODV Routing Protocol

SEMESTER 2 Chapter 3 Introduction to Dynamic Routing Protocols V 4.0

OSPF Protocol Overview on page 187. OSPF Standards on page 188. OSPF Area Terminology on page 188. OSPF Routing Algorithm on page 190

CS BGP v4. Fall 2014

CS 457 Networking and the Internet. The Global Internet (Then) The Global Internet (And Now) 10/4/16. Fall 2016

Routing Protocols in MANETs

CSC 4900 Computer Networks: Routing Protocols

ICS 351: Today's plan. distance-vector routing game link-state routing OSPF

Routing Protocols. Autonomous System (AS)

Unicast Routing in Mobile Ad Hoc Networks. Dr. Ashikur Rahman CSE 6811: Wireless Ad hoc Networks

CS4700/CS5700 Fundamentals of Computer Networks

Top-Down Network Design

Content. 1. Introduction. 2. The Ad-hoc On-Demand Distance Vector Algorithm. 3. Simulation and Results. 4. Future Work. 5.

A Novel Secure Routing Protocol for MANETs

Inter-networking. Problem. 3&4-Internetworking.key - September 20, LAN s are great but. We want to connect them together. ...

CS4450. Computer Networks: Architecture and Protocols. Lecture 15 BGP. Spring 2018 Rachit Agarwal

BGP. Daniel Zappala. CS 460 Computer Networking Brigham Young University

Introduction to IP Routing. Geoff Huston

Planning for Information Network

COMP/ELEC 429 Introduction to Computer Networks

Course Routing Classification Properties Routing Protocols 1/39

BTEC Level 3 Extended Diploma

Outline. Routing. Introduction to Wide Area Routing. Classification of Routing Algorithms. Introduction. Broadcasting and Multicasting

Border Gateway Protocol (BGP-4)

The Interconnection Structure of. The Internet. EECC694 - Shaaban

Routing(2) Inter-domain Routing

Routing, Routing Algorithms & Protocols

Performance Analysis of MANET Routing Protocols OLSR and AODV

CS 43: Computer Networks Internet Routing. Kevin Webb Swarthmore College November 16, 2017

Multicast Technology White Paper

Internet Routing Protocols Tuba Saltürk

Open Shortest Path First (OSPF)

Network Technologies. Unit 5, Chapter 8 Switching and Routing. Cisco Learning Institute Network+ Fundamentals and Certification

Network Layer: Routing

CS519: Computer Networks. Lecture 4, Part 5: Mar 1, 2004 Internet Routing:

QoS Routing By Ad-Hoc on Demand Vector Routing Protocol for MANET

CS 43: Computer Networks. 24: Internet Routing November 19, 2018

Inter-Domain Routing: BGP

A Performance Comparison of Multi-Hop Wireless Ad Hoc Network Routing Protocols

Routing Basics. What is Routing? Routing Components. Path Determination CHAPTER

Lecture outline. Internet Routing Security Issues. Previous lecture: Effect of MinRouteAdver Timer. Recap of previous lecture

Chapter 7 Routing Protocols

A Review of Reactive, Proactive & Hybrid Routing Protocols for Mobile Ad Hoc Network

Secure routing in ad hoc and sensor networks

Introduction to Routing

ITEC310 Computer Networks II

Securing BGP. Geoff Huston November 2007

Department of Computer and IT Engineering University of Kurdistan. Computer Networks II Border Gateway protocol (BGP) By: Dr. Alireza Abdollahpouri

Computation of Multiple Node Disjoint Paths

Routing Protocols in MANET: Comparative Study

Routing Protocols --- Exterior Gateway Protocol

Performance Analysis and Enhancement of Routing Protocol in Manet

Configuring IP Routing Protocols

Performance Evaluation of Various Routing Protocols in MANET

UCS-805 MOBILE COMPUTING Jan-May,2011 TOPIC 8. ALAK ROY. Assistant Professor Dept. of CSE NIT Agartala.

Top-Down Network Design, Ch. 7: Selecting Switching and Routing Protocols. Top-Down Network Design. Selecting Switching and Routing Protocols

Arvind Krishnamurthy Fall 2003

Computer Networking Introduction

CSc 450/550 Computer Networks Internet Routing

Introduction to Mobile Ad hoc Networks (MANETs)

Computer Science 461 Final Exam May 22, :30-3:30pm

A Survey - Energy Efficient Routing Protocols in MANET

To contain/reduce broadcast traffic, we need to reduce the size of the network (i.e., LAN).

CS 640: Introduction to Computer Networks. Intra-domain routing. Inter-domain Routing: Hierarchy. Aditya Akella

A Survey of BGP Security Review

MANET TECHNOLOGY. Keywords: MANET, Wireless Nodes, Ad-Hoc Network, Mobile Nodes, Routes Protocols.

On Demand secure routing protocol resilient to Byzantine failures

Routing in Ad Hoc Wireless Networks PROF. MICHAEL TSAI / DR. KATE LIN 2014/05/14

Overview. Problem: Find lowest cost path between two nodes Factors static: topology dynamic: load

Table of Contents. Cisco TCP/IP

Overview 4.2: Routing

LECTURE 9. Ad hoc Networks and Routing

PART III. Implementing Inter-Network Relationships with BGP

CMSC 417. Computer Networks Prof. Ashok K Agrawala Ashok Agrawala October 9, 2018 (a) October 18 October 9,

Performance Analysis of DSR Routing Protocol With and Without the Presence of Various Attacks in MANET

Implementation of AODV Protocol and Detection of Malicious Nodes in MANETs

IP Multicast Technology Overview

Initial motivation: 32-bit address space soon to be completely allocated. Additional motivation:

Chapter 3. Introduction to Dynamic Routing Protocols. CCNA2-1 Chapter 3

Secure Routing and Transmission Protocols for Ad Hoc Networks

Building the Routing Table. Introducing the Routing Table Directly Connected Networks Static Routing Dynamic Routing Routing Table Principles

Internet inter-as routing: BGP

Routing in the Internet

Chapter 4: Advanced Internetworking. Networking CS 3470, Section 1

Routing. Advanced Computer Networks: Routing 1

Transcription:

Auburn Information Assurance Laboratory J. A. Drew Hamilton, Jr., Ph.D. Director, Information Assurance Laboratory and Associate Professor Computer Science & Software Engineering 107 Dunstan Hall Auburn University, AL 36849-5347 http://www.eng.auburn.edu/users/hamilton FAX: (334) 844-6329 hamilton@eng.auburn.edu drew@drew-hamilton.com 1

Denial of Service (DoS) Attacks Against Wireless LANs and Protection Seminar References: Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols by Hu, Perrig and Johnson Understanding BGP Misconfiguration, by Mahajan, Wetherall and Anderson 2

BGP Misconfiguration It is well-known that simple, accidental BGP configuration errors can disrupt Internet connectivity. Yet little is known about the frequency of misconfiguration or its causes, except for the few spectacular incidents of widespread outages. In this paper, we present the first quantitative study of BGP misconfiguration. Over a three week period, we analyzed routing table advertisements from 23 vantage points across the Internet backbone to detect incidents of misconfiguration. For each incident we polled the ISP operators involved to verify whether it was a misconfiguration, and to learn the cause of the incident. 3

Misconfiguring BGP We also actively probed the Internet to determine the impact of misconfiguration on connectivity. Surprisingly, we find that configuration errors are pervasive, with 200-1200 prefixes (0.2-1.0\% of the BGP table size) suffering from misconfiguration each day. Close to 3 in 4 of all new prefix advertisements were results of misconfiguration. Fortunately, the connectivity seen by end users is surprisingly robust to misconfigurations. While misconfigurations can substantially increase router processing overhead, only one in twenty five affects connectivity. While the causes of misconfiguration are diverse, we argue that most could be prevented through better router design. 4

What is BGP? RFC 1771, 1772 In the Internet environment. BGP is an inter-autonomous System routing protocol. The network reachability information exchanged via BGP provides sufficient information to detect routing loops and enforce routing decisions based on performance preference and policy constraints as outlined in RFC 1104 In particular, BGP exchanges routing information containing full AS paths and enforces routing policies based on configuration information. Factors driving this RFC: 1. Exhaustion of the class-b network address space. One fundamental cause of this problem is the lack of a network class of a size which is appropriate for mid-sized organization; class-c, with a maximum of 254 host addresses, is too small while class-b, which allows up to 65534 addresses, is too large to be densely populated. 2. Growth of routing tables in Internet routers are beyond the ability of current software (and people) to effectively manage. 3. Eventual exhaustion of the 32-bit IP address space. 5

Classless inter-domain routing (CIDR) Classless inter-domain routing (CIDR) attempts to deal with these problems by proposing a mechanism to slow the growth of the routing table and the need for allocating new IP network numbers. It does not attempt to solve the third problem, which is of a more long-term nature, but instead endeavors to ease enough of the short to mid-term difficulties to allow the Internet to continue to function efficiently while progress is made on a longer-term solution. BGP-4 is an extension of BGP-3 that provides support for routing information aggregation and reduction based on the Classless inter- domain routing architecture (CIDR) 6

CIDR Architecture RFC 1519 The proposed solution is to topologically allocate future IP address assignment, by allocating segments of the IP address space to the transit routing domains. There are two basic components of this addressing and routing plan: one, to distribute the allocation of Internet address space and two, to provide a mechanism for the aggregation of routing information. 7

Aggregation Routing Aggregation and its limitations One major goal of the CIDR addressing plan is to allocate Internet address space in such a manner as to allow aggregation of routing information along topological lines. For simple, single-homed clients, the allocation of their address space out of a transit routing domain's space will accomplish this automatically - rather than advertise a separate route for each such client, the transit domain may advertise a single aggregate route which describes all of the destinations connected to it. Unfortunately, not all sites are singly-connected to the network, so some loss of ability to aggregate is realized for the non-trivial cases. 8

Autonomous Systems All of the discussions in RFC 1772 are based on the assumption that the Internet is a collection of arbitrarily connected Autonomous Systems. That is, the Internet will be modeled as a general graph whose nodes are AS's and whose edges are connections between pairs of AS's. The classic definition of an Autonomous System is a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS and using an exterior gateway protocol to route packets to other AS's. Since this classic definition was developed, it has become common for a single AS to use several interior gateway protocols and sometimes several sets of metrics within an AS. The use of the term Autonomous System here stresses the fact that, even when multiple IGPs and metrics are used, the administration of an AS appears to other AS's to have a single coherent interior routing plan and presents a consistent picture of which destinations are reachable through it. AS's are assumed to be administered by a single administrative entity, at least for the purposes of representation of routing information to systems outside of the AS. 9

BGP Topological Model When we say that a connection exists between two AS's, we mean two things: Physical connection: There is a shared Data Link subnetwork between the two AS's, and on this shared subnetwork each AS has at least one border gateway belonging to that AS. Thus the border gateway of each AS can forward packets to the border gateway of the other AS without resorting to Inter-AS or Intra-AS routing. BGP connection: There is a BGP session between BGP speakers in each of the AS's, and this session communicates those routes that can be used for specific destinations via the advertising AS. 10

On-Demand Protocols There are two categories of routing protocols: table-driven and on demand-routing. In table-driven routing protocols routing information is periodically advertised to all nodes so all nodes have an up-to-date view of the network. Alternatively, on-demand routing protocols only discovers a new route when it is required to. Hybrid routing protocols also exist and they try to achieve an efficient balance between both categories of protocols 11

Comparison between Table-Drive Routing and On-Demand Routing Availablilty of Routing Information Table-driven Routing Immediately from route table On-Demand Routing After a route discovery Route Updates Periodic Advertisments When requested Routing Overhead Proportional to the size of the network regardless of network traffic Proportional to the number of communicating nodes and increases with increased node mobility It is clear that on-demand protocols are more suited for mobile handheld devices as network bandwidth and battery power is limited. 12

Ad hoc On-demand Distance Vector Routing (AODV) Ad hoc On-demand Distance Vector Routing (AODV) is an on-demand version of the table-driven Dynamic Destination-Sequenced Distance- Vector (DSDV) protocol To find a route to the destination, the source broadcasts a route request packet. This broadcast message propagates through the network until it reaches an intermediate node that has recent route information about the destination or until it reaches the destination. When intermediate nodes forwards the route request packet it records in its own tables which node the route request came from. This information is used to form the reply path for the route reply packet as AODV uses only symmetric links. As the route reply packet traverses back to the source, the nodes along the reverse path enter the routing information into their tables. When ever a link failure occurs, the source is notified and a route discovery can be requested again if needed. 13

Dynamic Source Routing The Dynamic Source Routing (DSR) protocol is a source-routed ondemand protocol. There are two major phases for the protocol: route discovery and route maintenance. The key difference between DSR and other protocols is the routing information is contained in the packet header. Since the routing information is contained in the packet header then the intermediate nodes do not need to maintain routing information. An intermediate node may wish to record the routing information in its tables to improve performance but it is not mandatory. Another feature of DSR is that it supports asymmetric links as a route reply can be piggybacked onto a new route request packet. DSR is suited for small to medium sized networks as its overhead can scale all the way down to zero. The overhead will increase significantly for networks with larger hop diameters as more routing information will be contained in the packet headers 14

Rushing attack Disseminates ROUTE REQUESTs quickly throughout the network, suppressing any later legitimate ROUTE REQUESTs when nodes drop them due to the duplicate suppression. Practical only on on-demand routing protocols using duplicate suppression at each node (AODV) Threats: Failure of route discovery 15

Rushing Attack Example The initiator node initiates a Route Discovery for the target node. If the Route Requests for this Discovery forwarded by the attacker are the first to reach each neighbor of the target, then any route discovered by this Route Discovery will include a hop through the attacker. 16

Assumptions We make the common assumption that most network links are bidirectional. Though a jamming attack is also an important denial-ofservice attack, we present mechanisms to defend against the rushing attack because we believe that the rushing attack is more easily performed. Medium Access Control protocols are also often vulnerable to attack. For example, in IEEE 802.11, an attacker can paralyze nodes in its neighborhood by sending Clear-To-Send (CTS) frames periodically, setting the Duration field of each frame equal to the interval between such frames. Prior work has shown that ad hoc network routing in general does not scale well. Most existing simulation of ad hoc network routing protocols consider scenarios of 50 to 500 nodes. 17

Secure Routing Requirements and Protocol Hu, Perrig & Johnson describe a set of generic mechanisms that together defend against the rushing attack: secure Neighbor Detection, secure route delegation, and randomized ROUTE REQUEST forwarding. 18

Secure Neighbor Detection 19

Secure Route Delegation S-BGP uses Route Attestations to ensure that each AS listed in the BGP AS path is indeed a valid AS In S-BGP, before sending a route update to its neighbor, the AS signs a route attestation delegating it the right to further propagate the update. Used to make sure that BOTH neighbors believe that they are within transmission range. 20

Randomized Message Forwarding The secure Neighbor Detection and secure Route Delegation techniques are not sufficient to thwart the rushing attack, since an adversary can still get an advantage by forwarding ROUTE REQUESTs very rapidly. Use a random selection technique to minimize the chance that a rushing adversary can dominate all returned routes. In traditional ROUTE REQUEST forwarding, the receiving node immediately forwards the REQUEST and suppresses all subsequent REQUESTs. In the modified flooding, a node first collects a number of REQUESTs, and selects a REQUEST at random to forward. There are thus two parameters to our randomized forwarding technique: first, the number of REQUEST packets to be collected, and second, the algorithm by which timeouts are chosen. Given perfect information, each forwarding node would collect the maximum possible number of REQUESTs before forwarding one, since this approach provides the most effective defense against a rushing attack. 21

Randomized Message Forwarding (2) However, when the number of REQUESTs is chosen to be too large, randomized forwarding will heavily rely on the timeout to trigger REQUEST forwarding, increasing latency and possibly reducing security. In a real network, perfect information is generally not available; as a result, initiators can include in each Route Discovery the number of REQUESTs to buffer before forwarding one, and can adjust this parameter adaptively, based on the REPLY latency and on the parameters chosen by other nodes. Alternatively, this number can be chosen as a global parameter, or locally using an adaptive algorithm, though an adaptive algorithm may allow certain new attacks. With topology information, the choice of timeout should be based on the number of legitimate hops between the initiator and the node forwarding the REQUEST; closer nodes should choose shorter timeouts than far-away nodes. This topological information can be approximated by location information; that is, nodes that are geographically closer should choose smaller timeouts than nodes that are geographically farther away. When geographic information is not available, nodes can randomly choose timeouts; however, this approach reduces security by favoring nodes choosing shorter timeouts. 22

Randomized Route Request Forwarding (Secure Route Discovery) The intuition behind Secure Route Discovery is to make the forwarding of REQUEST packets less predictable by buffering the first n REQUESTs received, then randomly choosing one of those REQUESTs. However, we need to prevent an attacker from filling too many of these n REQUESTs, since otherwise the attacker could simply rush n copies of a REQUEST, rather than a single our scheme would once again be vulnerable to the rushing attack. 23

Secure Route Discovery To limit the number of REQUESTs that traverse an attacker, we exploit the fact that legitimate nodes forward only one REQUEST in any Discovery. First, we require that each REQUEST carry a list of nodes traversed by this REQUEST. Second, we require a bidirectional Neighbor Verification for each link represented by this list of nodes, for a total of two signed Neighbor Verifications per hop. Third, to authenticate the node list, we require each node to authenticate the REQUEST it forwards, though it can piggyback this authentication together with the Neighbor Verification that it signs. Finally, we require buffered REQUESTs be duplicate-suppressionunique: that is, if the route record of any two REQUESTs containany node A, the route prefix leading up to (and including) A must be the same. These three requirements constrain an attacker to the extent that an attacker that has compromised m nodes can rush at most m REQUESTs. To prevent replay of old Neighbor Verification messages, each message is tied to a specific Route Discovery. 24

Simulation Evaluations 25

Conclusions Hu, Perrig and Johnson first described the rushing attack, a novel and powerful attack against on-demand ad hoc network routing protocols. This attack allows an attacker to mount a denial-of-service attack against all previously proposed secure on-demand ad hoc network routing protocols. We have also presented RAP (Rushing Attack Prevention), a new protocol that thwarts the rushing attack. They found that the widely used duplicate suppression technique makes the rushing attack possible, and designed a new Route Discovery protocol called RAP that replaces the standard mechanism and thwarts the rushing attack. The approach is generic, so any protocol that relies on duplicate suppression in Route Discovery can use our results to fend off rushing attacks. More importantly, they demonstrated that there are mechanisms that can defend against the rushing attack, even though all previous attempts at secure on-demand ad hoc network routing protocols have been vulnerable. When integrated with a secure routing protocol, RAP incurs no cost unless the underlying secure protocol cannot find valid routes. When RAP is enabled, it incurs higher overhead than do standard in Link State Routing. 26

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback