Finding Vulnerable Network Gadgets in the Internet Topology Author: Nir Amar Supervisor: Dr. Gabi Nakibly



Page 1:

Finding Vulnerable Network Gadgets in the Internet Topology

Author: Nir Amar

Supervisor: Dr. Gabi Nakibly

Page 2:

Background

The Internet is composed of some 50,000 autonomous systems (ASes).

An AS is a collection of networks and routers administered by a single authority, e.g., an ISP, a large corporation or a university.

Routing between the different ASes is done using the Border Gateway Protocol (BGP).

Page 3:

BGP and Relationships

BGP exchanges network reachability information with other BGP systems.

Customer-Provider relation – the customer pays the provider for traffic on the link.

Peer-to-Peer relation – the link is intended for traffic between the two neighbors and their customers.

Local Preference – prefer outgoing paths whose next hop is a customer over a peer, and a peer over a provider. Among equally preferred routes, choose the shortest path, then apply tie breaking.

Page 4:

Import, Routing and Export policies

Upon receiving a route update for a given set of subnets, an AS needs to decide whether to accept the update (import policy).

If the update is accepted, it needs to decide whether to use the proposed route (routing policy).

If this path is chosen for routing, it needs to determine whether to propagate the update to the neighboring ASes (export policy).

Page 5:

How Secure are Secure Interdomain Routing Protocols?

Authors

Sharon Goldberg, Michael Schapira, Peter Hummon and Jennifer Rexford.

Intuition – Shortest Path, Export All

Counter-intuitive attacks:

Attract more by announcing longer paths

Attract more by exporting to fewer neighbors

Page 6:

Goal

Find gadgets and appropriate "smart / counter-intuitive" attacks on those gadgets using a software verification tool.

Page 7:

Attacking BGP

BGP Attacks Classification

Attraction – Attract traffic

Interception – eavesdrop or tamper with traffic before forwarding it on to the legitimate destination.

Quantifying the impact of attacks

Attraction – Shortest Path, Export All

Interception – Shortest Path, Export All, with Connectivity.

[Figure: interception diagram with labels Src, Middle and Dst]
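A runnable version of the model on slides 3, 4 and 7, added here as an example (it is not the author's tool, nor code from the slides): it implements the customer > peer > provider local preference with shortest-path and tie-break selection, the customer/peer/provider export rule, and then measures on a constructed 9-AS topology (AS numbers and relationships are invented for the example) which ASes route through a misbehaving AS and whether that AS still has a working path to the victim, the connectivity condition that separates interception from plain attraction.

```python
"""Tiny BGP policy simulator in the Gao-Rexford model.

Added example; not part of the original slides or the author's tool. It
implements the route-selection and export rules the slides describe and
measures which ASes end up routing through a given AS, so the impact of a
bogus announcement can be quantified on a constructed topology.
"""
from typing import Dict, List, Optional, Set, Tuple

# Local-preference rank of the neighbour a route is learned from (slide 3).
CUSTOMER, PEER, PROVIDER = 3, 2, 1
Path = Tuple[int, ...]  # AS path; the last element is the (claimed) origin


class Topology:
    def __init__(self) -> None:
        self.rel: Dict[Tuple[int, int], int] = {}  # (a, b) -> what b is to a
        self.nodes: Set[int] = set()

    def add_c2p(self, customer: int, provider: int) -> None:
        self.rel[(customer, provider)] = PROVIDER
        self.rel[(provider, customer)] = CUSTOMER
        self.nodes |= {customer, provider}

    def add_p2p(self, a: int, b: int) -> None:
        self.rel[(a, b)] = self.rel[(b, a)] = PEER
        self.nodes |= {a, b}

    def neighbors(self, a: int) -> List[int]:
        return [b for (x, b) in self.rel if x == a]


def rank(topo: Topology, a: int, path: Path) -> Tuple[int, int, int]:
    """Decision process: customer > peer > provider next hop, then the
    shortest path, then the lowest next-hop AS number as tie-break."""
    return (-topo.rel[(a, path[1])], len(path), path[1])


def exported(topo: Topology, n: int, route: Path, to: int,
             origins: Dict[int, Path], export_to: Dict[int, Set[int]]) -> bool:
    """Export policy (slide 4): a route is exported to a neighbour iff it was
    learned from a customer (or originated locally) or the neighbour is a
    customer.  An origin may restrict the neighbours it announces to."""
    if n in origins:
        allowed = export_to.get(n)  # None means "export all"
        return allowed is None or to in allowed
    return topo.rel[(n, route[1])] == CUSTOMER or topo.rel[(n, to)] == CUSTOMER


def compute_routes(topo: Topology, origins: Dict[int, Path],
                   export_to: Optional[Dict[int, Set[int]]] = None) -> Dict[int, Optional[Path]]:
    """Iterate route selection to a fixpoint (converges under Gao-Rexford)."""
    export_to = export_to or {}
    routes: Dict[int, Optional[Path]] = dict(origins)
    changed = True
    while changed:
        changed = False
        for a in sorted(topo.nodes):
            if a in origins:
                continue
            cands = []
            for n in topo.neighbors(a):
                r = routes.get(n)
                if r is None or a in r:  # nothing learned yet, or loop detection
                    continue
                if exported(topo, n, r, a, origins, export_to):
                    cands.append((a,) + r)
            best = min(cands, key=lambda p: rank(topo, a, p)) if cands else None
            if routes.get(a) != best:
                routes[a] = best
                changed = True
    return routes


def attracted(routes: Dict[int, Optional[Path]], attacker: int) -> Set[int]:
    """ASes whose chosen route passes through the attacker (attraction metric)."""
    return {a for a, r in routes.items() if r and a != attacker and attacker in r}


def can_intercept(topo: Topology, origins: Dict[int, Path],
                  export_to: Optional[Dict[int, Set[int]]], attacker: int, victim: int) -> bool:
    """Interception needs connectivity (slide 7): forward along the attacker's
    honest route to the victim using post-attack routes and check that the
    traffic reaches the victim instead of looping back to the attacker."""
    honest = compute_routes(topo, {victim: origins[victim]})[attacker]
    if honest is None:
        return False
    attacked = compute_routes(topo, origins, export_to)
    hop, seen = honest[1], {attacker}
    while hop != victim:
        if hop in seen or attacked.get(hop) is None:
            return False
        seen.add(hop)
        hop = attacked[hop][1]
    return True


def build_example() -> Topology:
    """Constructed topology (AS numbers are made up for this example).
    Victim is AS 1, attacker is AS 2; 10 and 11 are peering transit providers."""
    t = Topology()
    t.add_p2p(10, 11)
    for c, p in [(1, 10), (3, 10), (2, 11), (4, 11), (5, 3), (5, 4), (6, 4), (7, 2)]:
        t.add_c2p(c, p)
    return t


EXAMPLE = build_example()
VICTIM, ATTACKER = 1, 2
# The victim originates its prefix; the attacker announces the shortest bogus
# path it can, claiming a direct link to the victim (slide 5's intuition).
ORIGINS: Dict[int, Path] = {VICTIM: (VICTIM,), ATTACKER: (ATTACKER, VICTIM)}

if __name__ == "__main__":
    for label, policy in [("export all", None), ("export only to AS 7", {ATTACKER: {7}})]:
        routes = compute_routes(EXAMPLE, ORIGINS, policy)
        print(label, "attracts", sorted(attracted(routes, ATTACKER)),
              "| interception possible:", can_intercept(EXAMPLE, ORIGINS, policy, ATTACKER, VICTIM))
```

On this constructed topology the export-all announcement attracts ASes 4, 6, 7 and 11, but AS 11 is the attacker's own next hop toward the victim, so the connectivity check fails and the attack is attraction only; announcing to the single customer AS 7 attracts less but leaves the path to the victim intact. That is exactly the trade-off the slide's "with Connectivity" criterion captures, and the same simulator serves a defender who wants to estimate how much of a topology a given bogus announcement would pull in.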

Page 8:

Overall Sequence

User parameters: topology and attack

Simulate BGP using the SW model

Assert (non-deterministic attack < intuitive attack)

ExpiSat reports a counter-intuitive attack: a counterexample that violates the assertion

Page 9:

Findings and Results

Page 10:

Topology Generation

Time and memory consuming.

Two non-deterministic decisions:

How many ASes are in the topology?

What is the relation between each pair of ASes?

Characteristics for Reducing Topologies Size

Page 11:

Topology Generation – Example

[Figure: generated example topology showing the Victim, the Attacker and ASes 702, 13030, 43284, 6757, 432, 654, 236 and 756]

Page 12:

Interception Attack – Intuitive

[Figure: the example topology (Victim, Attacker, ASes 702, 13030, 43284, 6757, 432, 654, 236, 756) under the intuitive interception attack; number shown on the slide: 3]

Page 13:

Interception Attack – Counter-Intuitive

[Figure: the example topology (Victim, Attacker, ASes 702, 13030, 43284, 6757, 432, 654, 236, 756) under the counter-intuitive interception attack; number shown on the slide: 5]

Page 14:

Attack Generation – Interception Attack on Non-Deterministic Topology

[Figure: non-deterministic topology (Victim, Attacker, ASes 702, 13030, 43284, 6757, 432, 654, 236, 756) with the generated interception attack; number shown on the slide: 4]

Page 15:

Attraction Attack – Intuitive

[Figure: the example topology (Victim, Attacker, ASes 702, 13030, 43284, 6757, 432, 654, 236, 756) under the intuitive attraction attack; number shown on the slide: 8]

No Better Counter-Intuitive Attack

Page 16:

Note

Topology generation and attack generation are unrelated!

The user can decide that they have a particular topology on which they want to find a counter-intuitive attack; the software allows this.

The same holds when the user has a specific attack (for example, the shortest-path-export-all attack) that they would like to test on several topologies.

Page 17:

Conclusion


Generating non-deterministic attacks: find gadgets and appropriate "smart / counter-intuitive" attacks using a software verification tool.

Generating non-deterministic topologies: succeeded in generating topologies (up to size 5-6) within my memory constraints.

Page 18:

The End.

Real-world topologies are in danger!