Decentralized trust in the inter-domain routing infrastructure

Inter-domain routing security is of critical importance to the Internet since it prevents unwanted traffic redirections. The current system is based on a Public Key Infrastructure (PKI), a centralized repository of digital certificates. However, the inherent centralization of such design creates tensions between its participants and hinders its deployment. In addition, some technical drawbacks of PKIs delay widespread adoption. In this paper we present IPchain, a blockchain to store the allocations and delegations of IP addresses. IPchain leverages blockchains' properties to decentralize trust among its participants, with the final goal of providing flexible trust models that adapt better to the ever-changing geopolitical landscape. Moreover, we argue that Proof of Stake is a suitable consensus algorithm for IPchain due to the unique incentive structure of this use-case, and that blockchains offer relevant technical advantages when compared to existing systems, such as simplified management. In order to show its feasibility and suitability, we have implemented and evaluated IPchain's performance and scalability storing around 350k IP prefixes in a 2.5 GB chain.Peer ReviewedPostprint (published version

Mirror worlds, eclipse attacks and the security of Bitcoin and the RPKI

While distributed databases offer great promise their decentralized nature poses a number of security and privacy issues. In what ways can parties misbehave? If a database is truly distributed can a malicious actor hide their misdeeds by presenting conflicting views of the database? Can we overcome such deceit and either prevent it by eliminating trust assumptions or detect such perfidy and hold the malicious party to account? We study these questions across two distributed databases: RPKI (Resource Public Key Infrastructure), which is used to authenticate the allocation and announcement of IP prefixes; and Bitcoin, a cryptocurrency that utilizes a permissionless database called a blockchain to track the transfer and ownership of bitcoins. The first part of this dissertation focuses on RPKI and the potential of RPKI authorities to misbehave. We consider the methods, motivations, and impact of this misbehavior and how an RPKI authority can present inconsistent views to hide this misbehavior. After studying the problem we propose solutions to detect and identify such misbehavior. Now we turn our attention to Bitcoin. We look at ways an attacker can manipulate Bitcoin's Peer-to-Peer network to cause members of the network to have inconsistent views of Bitcoin's blockchain and subvert Bitcoin's core security guarantees. We then propose countermeasures to harden Bitcoin against such attacks. The final part of this dissertation discusses the problem of privacy in Bitcoin. Many of the protocols developed to address Bitcoin's privacy limitations introduce trusted parties. We instead design privacy enhancing protocols that use an untrusted intermediary to mix \aka anonymize, bitcoin transactions via blind signatures. To do this we must invent a novel blind signature fair-exchange protocol that runs on Bitcoin's blockchain. This dissertation favors a dirty slate design process. We work to layer protections on existing protocols and when we must make changes to the underlying protocol we carefully weigh compatibility and deployment considerations. This philosophy has resulted in some of the research described in this dissertation influencing the design of deployed protocols. In the case of Bitcoin our research is currently used to harden a network controlling approximately a trillion dollars

A software defined networking architecture for secure routing

Tese de mestrado, Segurança Informática, Universidade de Lisboa, Faculdade de Ciências, 2014O tamanho e aceitação que a internet ganhou veio ajudar à inovação e a partilha entre utilizadores, mas em contrapartida aumentou o risco de tanto a infraestrutura da internet como as pessoas que a utilizam serem alvos de ciber-ataques. Esta é apenas uma visão parcial do problema, pois para suportar a crescente utilização da internet a infraestrutura cresceu sem a maturação de vários protocols e algoritmos que executam alguns dos serviços mais básicos com que convivemos todos os dias na internet. Um dos melhores exemplos ´e o do Border Gateway Protocol, um protocolo de troca de informação de roteamento que está em uso há mais de 20 anos mas possui vários problemas de segurança conhecidos. O desenho inicial do protocolo, aliado à ineficiência das redes tradicionais impediram a adoção das várias adições de segurança já propostas para o protocolo. O protocolo não possui atualizações de segurança que o protejam contra os vários tipos de ataques já descobertos, como prefix hijacking, intercepção e ataques no plano de dados. Estes ataques podem ter consequências graves durante períodos de tempo não negligenciáveis, como reportado em [33, 19]. As propostas já existentes, como o S-BGP[27], soBGP[48] e Origin Authentication[12], apesar de eficazes na proteção contra um ou mais ataques contra o BGP, não foram adoptadas na prática devido aos seus elevados requisitos computacionais ou de implementação. Neste trabalho resumimos os problemas para adopcão de soluções de segurança em três pontos principais: 1. Algumas soluções requerem poder computacional ou capacidade de memória que nem todos os dispositivos de rede que correm BGP em funcionamento conseguem suportar; 2. A solução requer alterações ao protocolo BGP em funcionamento; 3. A solução não garante benefícios de segurança imediatos ao AS que a adoptar; A investigação actual tem chegado à conclusão que muitos dos problemas das redes tradicionais surgem devido `a necessidade de os dispositivos de rede participarem em protocolos complexos para executar funções de rede que vão além do seu objetivo: encaminhar pacotes [24]. Como consequência, as redes tornaram-se bastante complexas e portanto difíceis de gerir e escalar. A falta de segurança radica também neste problema. Em alternativa às redes tradicionais, a comunidade científica e a indústria têm vindo a adoptar um novo tipo de redes, as Software Defined Networks (SDN). Estas redes sepathe datapathram o plano de controlo do plano de dados, passando toda a lógica e estado de rede para um controlador logicamente centralizado, mantendo nos dispositivos de rede apenas a tarefa de encaminhar pacotes. Os controladores SDN implementam funções de rede através de aplicações que executam no próprio ambiente do controlador em vez de obrigar os dispositivos de rede a implementarem esses protocolos. Um desses controladores é o OpenDaylight, que tem o apoio de alguns dos maiores nomes da indústria como a Cisco, IBM, HP e Juniper, e espera-se ser a principal referência no futuro. Neste trabalho propomos duas aplicações SDNs para o controlador OpenDaylight: RFProxy e BGPSec. O RFProxy é um dos três componentes base da aplicação Route- Flow, uma plataforma de servic¸os de roteamento para SDN. O RFProxy é o único componente da aplicação a executar no controlador e é responsável por gerir e configurar os switches de acordo com as decisões tomadas pelo RFServer. Esta aplicação vem aumentar o número de opções para a utilização do RouteFlow e proporciona uma plataforma de roteamento avançada e eficiente para o OpenDaylight. A aplicação BGPSec tem como objetivo garantir proteção contra ataques de prefix hijacking, onde um atacante tenta redireccionar todo o tráfego destinado a um AS para si. Esta proteção é conseguida através da validação dos dados recebidos do BGP. Ao utilizar uma aplicação para a validação dos anúncios BGP em vez de obrigar os dispositivos de rede a executarem este processamento, o desenho e implementação tornam-se mais simples e permitem um maior conjunto de opções quando comparado com as implementações necessárias em redes tradicionais. A utilização de uma aplicação SDN para este efeito é algo inovador e traz vantagens quando comparada com as redes tradicionais. Em particular, o ambiente SDN permite mitigar os dois primeiros problemas de adopção de uma extensão de segurança, ao passar o processamento para o controlador e a não requerer uma alteração protocolo BGP. As contribuições principais deste trabalho podem ser resumidas da seguinte forma: 1. Implementação e avaliação de um serviço avançado de roteamento em ambiente SDN, nomeadamente ao controlador OpenDaylight; 2. Análise dos problemas de segurança do BGP e das extensões de segurança já propostas para redes tradicionais; 3. Desenho, implementação e avaliação de uma aplicação de segurança para o BGP baseada em SDN;The Internet has evolved from a small group of interconnected computers to an infrastructure that supports billions of devices including computers, smartphones, etc, all with increasing demands in terms of network requirements. The architecture of traditional networks hinders their capability of fulfilling these demands, mainly due to the tight coupling of the data and control planes. Network devices are required to handle and participate in complex distributed protocols to perform network tasks such as routing, making networks very complex and thus affecting their scalability, performance, management and innovation ease. The Border Gateway Protocol, the de facto protocol for routing between Autonomous Systems (ASes) is one of the fundamental protocols for the operation of the internet. However, it was created in a time where the internet was composed of fewer ASes that trusted each other and in the information they provided, which is now unsafe to assume. The internet growth also resulted in an increase in the attacks against the internet routing infrastructure, and several misbehaviors have been detected, either due to attacks against the protocol or misconfiguration. Although several solutions have been presented to solve the security issues of BGP, no proposal has yet been adopted due to three main reasons:_ The solution requires either a computational power or memory size that not all currently deployed BGP speakers will be able to withstand; _ The solution incurs changes to the BGP protocol currently in use; _ The solution does not bring immediate security benefits for the adopting AS; Software-Defined Networking (SDN) is an emerging network paradigm that aims to solve the problems of traditional networks by decoupling the data and control planes, moving the latter to a logically centralized controller while making network devices execute solely the former. All network tasks and applications run on top of the controller, which abstracts the network and greatly simplifies the development and testing of new applications and protocols. Forwarding rules are installed and removed using OpenFlow, a vendor-independent communications protocol for SDNs. Several SDN controllers have been developed by different companies and researchers, several of them open-source. One of such kind is the OpenDaylight (ODL) controller, supported by some of the top names in the IT industry (e.g. Cisco, IBM, HP). The goal of ODL is to create a controller of reference and help accelerate SDN evolution and adoption. Although the controller is the core component of a SDN, network logic is performed by an application running on top of it. An example is RouteFlow, a routing platform that provides flexible and scalabe IP routing services to a SDN. Routing decisions are made by creating a virtual network that mimics the topology of the physical infrastructure and by analyzing the routing tables of the virtual devices. RouteFlow is composed by three components: RFClient, RFServer and RFProxy, with the latter running in the controller. The first contribution of this work is the implementation and evaluation of the RFProxy module for the OpenDaylight controller. An SDN architecture provides a new environment to improve BGP security through the creation of an application to run on top of the controller. Such approach mitigates the first two adoption problems mentioned above by offloading the additional processing to the controller and by not requiring changes to the BGP protocol. The other contribution of this work is the study and analysis of the BGP security problems and traditional solutions, and how to address them in a SDN environment. We implemented and evaluated BGPSec, a security application for the OpenDaylight controller that provides the network with protection against prefix hijacking attacks, where a malicious AS tries to direct the traffic destined to an AS onto itself

Leveraging Conventional Internet Routing Protocol Behavior to Defeat DDoS and Adverse Networking Conditions

The Internet is a cornerstone of modern society. Yet increasingly devastating attacks against the Internet threaten to undermine the Internet\u27s success at connecting the unconnected. Of all the adversarial campaigns waged against the Internet and the organizations that rely on it, distributed denial of service, or DDoS, tops the list of the most volatile attacks. In recent years, DDoS attacks have been responsible for large swaths of the Internet blacking out, while other attacks have completely overwhelmed key Internet services and websites. Core to the Internet\u27s functionality is the way in which traffic on the Internet gets from one destination to another. The set of rules, or protocol, that defines the way traffic travels the Internet is known as the Border Gateway Protocol, or BGP, the de facto routing protocol on the Internet. Advanced adversaries often target the most used portions of the Internet by flooding the routes benign traffic takes with malicious traffic designed to cause widespread traffic loss to targeted end users and regions. This dissertation focuses on examining the following thesis statement. Rather than seek to redefine the way the Internet works to combat advanced DDoS attacks, we can leverage conventional Internet routing behavior to mitigate modern distributed denial of service attacks. The research in this work breaks down into a single arc with three independent, but connected thrusts, which demonstrate that the aforementioned thesis is possible, practical, and useful. The first thrust demonstrates that this thesis is possible by building and evaluating Nyx, a system that can protect Internet networks from DDoS using BGP, without an Internet redesign and without cooperation from other networks. This work reveals that Nyx is effective in simulation for protecting Internet networks and end users from the impact of devastating DDoS. The second thrust examines the real-world practicality of Nyx, as well as other systems which rely on real-world BGP behavior. Through a comprehensive set of real-world Internet routing experiments, this second thrust confirms that Nyx works effectively in practice beyond simulation as well as revealing novel insights about the effectiveness of other Internet security defensive and offensive systems. We then follow these experiments by re-evaluating Nyx under the real-world routing constraints we discovered. The third thrust explores the usefulness of Nyx for mitigating DDoS against a crucial industry sector, power generation, by exposing the latent vulnerability of the U.S. power grid to DDoS and how a system such as Nyx can protect electric power utilities. This final thrust finds that the current set of exposed U.S. power facilities are widely vulnerable to DDoS that could induce blackouts, and that Nyx can be leveraged to reduce the impact of these targeted DDoS attacks

Attacking and securing Network Time Protocol

Network Time Protocol (NTP) is used to synchronize time between computer systems communicating over unreliable, variable-latency, and untrusted network paths. Time is critical for many applications; in particular it is heavily utilized by cryptographic protocols. Despite its importance, the community still lacks visibility into the robustness of the NTP ecosystem itself, the integrity of the timing information transmitted by NTP, and the impact that any error in NTP might have upon the security of other protocols that rely on timing information. In this thesis, we seek to accomplish the following broad goals: 1. Demonstrate that the current design presents a security risk, by showing that network attackers can exploit NTP and then use it to attack other core Internet protocols that rely on time. 2. Improve NTP to make it more robust, and rigorously analyze the security of the improved protocol. 3. Establish formal and precise security requirements that should be satisfied by a network time-synchronization protocol, and prove that these are sufficient for the security of other protocols that rely on time. We take the following approach to achieve our goals incrementally. 1. We begin by (a) scrutinizing NTP's core protocol (RFC 5905) and (b) statically analyzing code of its reference implementation to identify vulnerabilities in protocol design, ambiguities in specifications, and flaws in reference implementations. We then leverage these observations to show several off- and on-path denial-of-service and time-shifting attacks on NTP clients. We then show cache-flushing and cache-sticking attacks on DNS(SEC) that leverage NTP. We quantify the attack surface using Internet measurements, and suggest simple countermeasures that can improve the security of NTP and DNS(SEC). 2. Next we move beyond identifying attacks and leverage ideas from Universal Composability (UC) security framework to develop a cryptographic model for attacks on NTP's datagram protocol. We use this model to prove the security of a new backwards-compatible protocol that correctly synchronizes time in the face of both off- and on-path network attackers. 3. Next, we propose general security notions for network time-synchronization protocols within the UC framework and formulate ideal functionalities that capture a number of prevalent forms of time measurement within existing systems. We show how they can be realized by real-world protocols (including but not limited to NTP), and how they can be used to assert security of time-reliant applications-specifically, cryptographic certificates with revocation and expiration times. Our security framework allows for a clear and modular treatment of the use of time in security-sensitive systems. Our work makes the core NTP protocol and its implementations more robust and secure, thus improving the security of applications and protocols that rely on time

Next generation control of transport networks

It is widely understood by telecom operators and industry analysts that bandwidth demand is increasing dramatically, year on year, with typical growth figures of 50% for Internet-based traffic [5]. This trend means that the consumers will have both a wide variety of devices attaching to their networks and a range of high bandwidth service requirements. The corresponding impact is the effect on the traffic engineered network (often referred to as the “transport network”) to ensure that the current rate of growth of network traffic is supported and meets predicted future demands. As traffic demands increase and newer services continuously arise, novel network elements are needed to provide more flexibility, scalability, resilience, and adaptability to today’s transport network. The transport network provides transparent traffic engineered communication of user, application, and device traffic between attached clients (software and hardware) and establishing and maintaining point-to-point or point-to-multipoint connections. The research documented in this thesis was based on three initial research questions posed while performing research at British Telecom research labs and investigating control of transport networks of future transport networks: 1. How can we meet Internet bandwidth growth yet minimise network costs? 2. Which enabling network technologies might be leveraged to control network layers and functions cooperatively, instead of separated network layer and technology control? 3. Is it possible to utilise both centralised and distributed control mechanisms for automation and traffic optimisation? This thesis aims to provide the classification, motivation, invention, and evolution of a next generation control framework for transport networks, and special consideration of delivering broadcast video traffic to UK subscribers. The document outlines pertinent telecoms technology and current art, how requirements I gathered, and research I conducted, and by which the transport control framework functional components are identified and selected, and by which method the architecture was implemented and applied to key research projects requiring next generation control capabilities, both at British Telecom and the wider research community. Finally, in the closing chapters, the thesis outlines the next steps for ongoing research and development of the transport network framework and key areas for further study

Towards Practical Privacy-Preserving Protocols

Protecting users' privacy in digital systems becomes more complex and challenging over time, as the amount of stored and exchanged data grows steadily and systems become increasingly involved and connected. Two techniques that try to approach this issue are Secure Multi-Party Computation (MPC) and Private Information Retrieval (PIR), which aim to enable practical computation while simultaneously keeping sensitive data private. In this thesis we present results showing how real-world applications can be executed in a privacy-preserving way. This is not only desired by users of such applications, but since 2018 also based on a strong legal foundation with the General Data Protection Regulation (GDPR) in the European Union, that forces companies to protect the privacy of user data by design. This thesis' contributions are split into three parts and can be summarized as follows: MPC Tools Generic MPC requires in-depth background knowledge about a complex research field. To approach this, we provide tools that are efficient and usable at the same time, and serve as a foundation for follow-up work as they allow cryptographers, researchers and developers to implement, test and deploy MPC applications. We provide an implementation framework that abstracts from the underlying protocols, optimized building blocks generated from hardware synthesis tools, and allow the direct processing of Hardware Definition Languages (HDLs). Finally, we present an automated compiler for efficient hybrid protocols from ANSI C. MPC Applications MPC was for a long time deemed too expensive to be used in practice. We show several use cases of real-world applications that can operate in a privacy-preserving, yet practical way when engineered properly and built on top of suitable MPC protocols. Use cases presented in this thesis are from the domain of route computation using BGP on the Internet or at Internet Exchange Points (IXPs). In both cases our protocols protect sensitive business information that is used to determine routing decisions. Another use case focuses on genomics, which is particularly critical as the human genome is connected to everyone during their entire lifespan and cannot be altered. Our system enables federated genomic databases, where several institutions can privately outsource their genome data and where research institutes can query this data in a privacy-preserving manner. PIR and Applications Privately retrieving data from a database is a crucial requirement for user privacy and metadata protection, and is enabled amongst others by a technique called Private Information Retrieval (PIR). We present improvements and a generalization of a well-known multi-server PIR scheme of Chor et al., and an implementation and evaluation thereof. We also design and implement an efficient anonymous messaging system built on top of PIR. Furthermore we provide a scalable solution for private contact discovery that utilizes ideas from efficient two-server PIR built from Distributed Point Functions (DPFs) in combination with Private Set Intersection (PSI)