842 research outputs found
BGP Security in Partial Deployment: Is the Juice Worth the Squeeze?
As the rollout of secure route origin authentication with the RPKI slowly
gains traction among network operators, there is a push to standardize secure
path validation for BGP (i.e., S*BGP: S-BGP, soBGP, BGPSEC, etc.). Origin
authentication already does much to improve routing security. Moreover, the
transition to S*BGP is expected to be long and slow, with S*BGP coexisting in
"partial deployment" alongside BGP for a long time. We therefore use
theoretical and experimental approach to study the security benefits provided
by partially-deployed S*BGP, vis-a-vis those already provided by origin
authentication. Because routing policies have a profound impact on routing
security, we use a survey of 100 network operators to find the policies that
are likely to be most popular during partial S*BGP deployment. We find that
S*BGP provides only meagre benefits over origin authentication when these
popular policies are used. We also study the security benefits of other routing
policies, provide prescriptive guidelines for partially-deployed S*BGP, and
show how interactions between S*BGP and BGP can introduce new vulnerabilities
into the routing system
IPv6 Network Mobility
Network Authentication, Authorization, and Accounting has
been used since before the days of the Internet as we know it
today. Authentication asks the question, âWho or what are
you?â Authorization asks, âWhat are you allowed to do?â And fi nally,
accounting wants to know, âWhat did you do?â These fundamental
security building blocks are being used in expanded ways today. The
fi rst part of this two-part series focused on the overall concepts of
AAA, the elements involved in AAA communications, and highlevel
approaches to achieving specifi c AAA goals. It was published in
IPJ Volume 10, No. 1[0]. This second part of the series discusses the
protocols involved, specifi c applications of AAA, and considerations
for the future of AAA
Performance Evaluation of Distributed Security Protocols Using Discrete Event Simulation
The Border Gateway Protocol (BGP) that manages inter-domain routing on the Internet lacks security. Protective measures using public key cryptography introduce complexities and costs. To support authentication and other security functionality in large networks, we need public key infrastructures (PKIs). Protocols that distribute and validate certificates introduce additional complexities and costs. The certification path building algorithm that helps users establish trust on certificates in the distributed network environment is particularly complicated. Neither routing security nor PKI come for free. Prior to this work, the research study on performance issues of these large-scale distributed security systems was minimal. In this thesis, we evaluate the performance of BGP security protocols and PKI systems. We answer the questions about how the performance affects protocol behaviors and how we can improve the efficiency of these distributed protocols to bring them one step closer to reality. The complexity of the Internet makes an analytical approach difficult; and the scale of Internet makes empirical approaches also unworkable. Consequently, we take the approach of simulation. We have built the simulation frameworks to model a number of BGP security protocols and the PKI system. We have identified performance problems of Secure BGP (S-BGP), a primary BGP security protocol, and proposed and evaluated Signature Amortization (S-A) and Aggregated Path Authentication (APA) schemes that significantly improve efficiency of S-BGP without compromising security. We have also built a simulation framework for general PKI systems and evaluated certification path building algorithms, a critical part of establishing trust in Internet-scale PKI, and used this framework to improve algorithm performance
A Program Logic for Verifying Secure Routing Protocols
The Internet, as it stands today, is highly vulnerable to attacks. However,
little has been done to understand and verify the formal security guarantees of
proposed secure inter-domain routing protocols, such as Secure BGP (S-BGP). In
this paper, we develop a sound program logic for SANDLog-a declarative
specification language for secure routing protocols for verifying properties of
these protocols. We prove invariant properties of SANDLog programs that run in
an adversarial environment. As a step towards automated verification, we
implement a verification condition generator (VCGen) to automatically extract
proof obligations. VCGen is integrated into a compiler for SANDLog that can
generate executable protocol implementations; and thus, both verification and
empirical evaluation of secure routing protocols can be carried out in this
unified framework. To validate our framework, we encoded several proposed
secure routing mechanisms in SANDLog, verified variants of path authenticity
properties by manually discharging the generated verification conditions in
Coq, and generated executable code based on SANDLog specification and ran the
code in simulation
The Abandoned Side of the Internet: Hijacking Internet Resources When Domain Names Expire
The vulnerability of the Internet has been demonstrated by prominent IP
prefix hijacking events. Major outages such as the China Telecom incident in
2010 stimulate speculations about malicious intentions behind such anomalies.
Surprisingly, almost all discussions in the current literature assume that
hijacking incidents are enabled by the lack of security mechanisms in the
inter-domain routing protocol BGP. In this paper, we discuss an attacker model
that accounts for the hijacking of network ownership information stored in
Regional Internet Registry (RIR) databases. We show that such threats emerge
from abandoned Internet resources (e.g., IP address blocks, AS numbers). When
DNS names expire, attackers gain the opportunity to take resource ownership by
re-registering domain names that are referenced by corresponding RIR database
objects. We argue that this kind of attack is more attractive than conventional
hijacking, since the attacker can act in full anonymity on behalf of a victim.
Despite corresponding incidents have been observed in the past, current
detection techniques are not qualified to deal with these attacks. We show that
they are feasible with very little effort, and analyze the risk potential of
abandoned Internet resources for the European service region: our findings
reveal that currently 73 /24 IP prefixes and 7 ASes are vulnerable to be
stealthily abused. We discuss countermeasures and outline research directions
towards preventive solutions.Comment: Final version for TMA 201
- âŠ