ROVER: a DNS-based method to detect and prevent IP hijacks

2013 Fall.Includes bibliographical references.The Border Gateway Protocol (BGP) is critical to the global internet infrastructure. Unfortunately BGP routing was designed with limited regard for security. As a result, IP route hijacking has been observed for more than 16 years. Well known incidents include a 2008 hijack of YouTube, loss of connectivity for Australia in February 2012, and an event that partially crippled Google in November 2012. Concern has been escalating as critical national infrastructure is reliant on a secure foundation for the Internet. Disruptions to military, banking, utilities, industry, and commerce can be catastrophic. In this dissertation we propose ROVER (Route Origin VERification System), a novel and practical solution for detecting and preventing origin and sub-prefix hijacks. ROVER exploits the reverse DNS for storing route origin data and provides a fail-safe, best effort approach to authentication. This approach can be used with a variety of operational models including fully dynamic in-line BGP filtering, periodically updated authenticated route filters, and real-time notifications for network operators. Our thesis is that ROVER systems can be deployed by a small number of institutions in an incremental fashion and still effectively thwart origin and sub-prefix IP hijacking despite non-participation by the majority of Autonomous System owners. We then present research results supporting this statement. We evaluate the effectiveness of ROVER using simulations on an Internet scale topology as well as with tests on real operational systems. Analyses include a study of IP hijack propagation patterns, effectiveness of various deployment models, critical mass requirements, and an examination of ROVER resilience and scalability

Securing The Root: A Proposal For Distributing Signing Authority

Management of the Domain Name System (DNS) root zone file is a uniquely global policy problem. For the Internet to connect everyone, the root must be coordinated and compatible. While authority over the legacy root zone file has been contentious and divisive at times, everyone agrees that the Internet should be made more secure. A newly standardized protocol, DNS Security Extensions (DNSSEC), would make the Internet's infrastructure more secure. In order to fully implement DNSSEC, the procedures for managing the DNS root must be revised. Therein lies an opportunity. In revising the root zone management procedures, we can develop a new solution that diminishes the impact of the legacy monopoly held by the U.S. government and avoids another contentious debate over unilateral U.S. control. In this paper we describe the outlines of a new system for the management of a DNSSEC-enabled root. Our proposal distributes authority over securing the root, unlike another recently suggested method, while avoiding the risks and pitfalls of an intergovernmental power sharing scheme

Security attacks and solutions on SDN control plane: A survey

Sommario Software Defined Networks (SDN) è un modello di rete programmabile aperto promosso da ONF , che è stato un fattore chiave per le recenti tendenze tecnologiche. SDN esplora la separazione dei dati e del piano di controllo . Diversamente dai concetti passati, SDN introduce l’idea di separazione del piano di controllo (decisioni di instradamento e traffico) e piano dati (decisioni di inoltro basate sul piano di controllo) che sfida l’integrazione verticale raggiunta dalle reti tradizionali, in cui dispositivi di rete come router e switch accumulano entrambe le funzioni. SDN presenta alcuni vantaggi come la gestione centralizzata e la possibilità di essere programmato su richiesta. Oltre a questi vantaggi, SDN presenta ancora vulnerabilità di sicurezza e, tra queste,le più letali prendono di mira il piano di controllo. Come i controllers che risiedono sul piano di con- trollo gestiscono l’infrastruttura e i dispositivi di rete sottostanti (es. router/switch), anche qualsiasi insicurezza, minacce, malware o problemi durante lo svolgimento delle attività da parte del controller, possono causare interruzioni dell’intera rete. In particolare, per la sua posizione centralizzata, il con- troller SDN è visto come un punto di fallimento. Di conseguenza, qualsiasi attacco o vulnerabilità che prende di mira il piano di controllo o il controller è considerato fatale al punto da sconvolgere l’intera rete. In questa tesi, le minacce alla sicurezza e gli attacchi mirati al piano di controllo (SDN) sono identificati e classificati in diversi gruppi in base a come causano l’impatto sul piano di controllo. Per ottenere risultati, è stata condotta un’ampia ricerca bibliografica attraverso uno studio appro- fondito degli articoli di ricerca esistenti che discutono di una serie di attacchi e delle relative soluzioni per il piano di controllo SDN. Principalmente, come soluzioni intese a rilevare, mitigare o proteggere il (SDN) sono stati presi in considerazione le potenziali minacce gli attachi al piano di controllo. Sulla base di questo compito, gli articoli selezionati sono stati classificati rispetto al loro impatto potenziale sul piano di controllo (SDN) come diretti e indiretti. Ove applicabile, è stato fornito un confronto tra le soluzioni che affrontano lo stesso attacco. Inoltre, sono stati presentati i vantaggi e gli svantaggi delle soluzioni che affrontano diversi attacchi . Infine, una discussione sui risultati e sui esitti ottenuti durante questo processo di indagine e sono stati affrontatti suggerimenti di lavoro futuri estratti du- rante il processo di revisione. Parole chiave : SDN, Sicurezza, Piano di controllo, Denial of Service, Attacchi alla topologiaAbstract Software Defined Networks (SDN) is an open programmable network model promoted by ONF that has been a key-enabler of recent technology trends. SDN explores the separation of data and control plane. Different from the past concepts, SDN introduces the idea of separation of the control plane (routing and traffic decisions) and data plane (forwarding decisions based on the control plane) that challenges the vertical integration achieved by the traditional networks, in which network devices such as router and switches accumulate both functions. SDN presents some advantages such as centralized management and the ability to be programmed on demand. Apart from these benefits, SDN still presents security vulnerabilities and among them, the most lethal ones are targeting the control plane. As the controllers residing on the control plane manages the underlying networking infrastructure and devices (i.e., routers/switches), any security threat, malware, or issues during the carrying out of activities by the controller can lead to disruption of the entire network. In particular, due to its centralized position, the (SDN) controller is seen as a single point of failure. As a result, any attack or vulnerability targeting the control plane or controller is considered fatal to the point of disrupting the whole network. In this thesis, the security threats and attacks targeting the (SDN) control plane are identified and categorized into different groups by considering how they cause an impact to the control plane. To obtain results, extensive literature research has been carried out by performing an in-depth study of the existing research articles that discusses an array of attacks and their corresponding solutions for the (SDN) control plane. Mainly, the solutions intended to detect, mitigate, or protect the (SDN) control plane against potential threats and attacks have been considered. On basis of this task, the potential articles selected were categorized with respect to their impact to the (SDN) control plane as direct and indirect. Where applicable a comparison of the solutions addressing the same attack has been provided. Moreover, the advantages and disadvantages of the solutions addressing the respective attacks are presented. Finally, a discussion regarding the findings and results obtained during this su- veying process and future work suggestions extracted during the review process have been discussed. Keywords: SDN, Security, Control Plane, Denial of Service, Topology Attacks, Openflo

Security Implications of Insecure DNS Usage in the Internet

The Domain Name System (DNS) provides domain-to-address lookup-services used by almost all internet applications. Because of this ubiquitous use of the DNS, attacks against the DNS have become more and more critical. However, in the past, studies of DNS security have been mostly conducted against individual protocols and applications. In this thesis, we perform the first comprehensive evaluation of DNS-based attacks against a wide range of internet applications, ranging from time-synchronisation via NTP over internet resource management to security mechanisms. We show how to attack those applications by exploiting various weaknesses in the DNS. These attacks are based on both, already known weaknesses which are adapted to new attacks, as well as previously unknown attack vectors which have been found during the course of this thesis. We evaluate our attacks and provide the first taxonomy of DNS applications, to show how adversaries can systematically develop attacks exploiting the DNS. We analyze the attack surface created by our attacks in the internet and find that a significant number of applications and systems can be attacked. We work together with the developers of the vulnerable applications to develop patches and general countermeasures which can be applied by various parties to block our attacks. We also provide conceptual insights into the root causes allowing our attacks to help with the development of new applications and standards. The findings of this thesis are published in in 4 full-paper publications and 2 posters at international academic conferences. Additionally, we disclose our finding to developers which has lead to the registration of 8 Common Vulnerabilities and Exposures identifiers (CVE IDs) and patches in 10 software implementations. To raise awareness, we also presented our findings at several community meetings and via invited articles