Internet Routing Security: Past, Current, and Future S. Felix Wu Computer Science Department...
-
Upload
neil-wiggins -
Category
Documents
-
view
222 -
download
2
Transcript of Internet Routing Security: Past, Current, and Future S. Felix Wu Computer Science Department...
Internet Routing Security: Past, Current, and Future
S. Felix WuComputer Science DepartmentUniversity of California, Davis
[email protected]://www.cs.ucdavis.edu/~wu/
11/23/2006 France Telecom 2
Outline
• Routing security• Secure Routing
11/23/2006 France Telecom 3
Internet (1969 ~ )
• Basic datagram service between one IP address and another
11/23/2006 France Telecom 4
Internet (1969 ~ )
• Basic datagram service between one IP address and another
• The End2End Principle
11/23/2006 France Telecom 5
Internet (1969 ~ )
• Basic datagram service between one IP address and another
• The End2End Principle
A B
IPsec Tunneling, MobileIP…
11/23/2006 France Telecom 6
Internet (1969 ~ )
• Basic datagram service between one IP address and another
• Routing is quite straightforward!
11/23/2006 France Telecom 7
Internet (1969 ~ )
• Basic datagram service between one IP address and another
• Routing: exchanging the information regarding the address space and how to reach them.– Routing versus Forwarding
11/23/2006 France Telecom 8
Internet (1969 ~ )
• Basic datagram service between one IP address and another
• Routing: exchanging the information regarding the address space and how to reach them.
• Applications built on top of the services– QoS over the Internet, still a challenge
11/23/2006 France Telecom 9
Internet Infrastructure
• It enables many cool applications.– Email, Web+, IM, Skype, Google, Bittorrent,
Infospace, LinkedIn,...
11/23/2006 France Telecom 10
Internet Infrastructure
• It enables many cool applications.– Email, Web+, IM, Skype, Google, Bittorrent,
Infospace, LinkedIn,...
• We are connected, at least in the “IP address” sense!!
11/23/2006 France Telecom 11
Internet Infrastructure
• It enables many cool applications.– Email, Web+, IM, Skype, Google, Bittorrent,
Infospace, LinkedIn,...
• We are connected, at least in the “IP address” sense!!
• Who is the “hero” to make all these possible?
11/23/2006 France Telecom 12
“BGP”
• Border Gateway Protocol– the inter-domain routing protocol for the
Internet
11/23/2006 France Telecom 13
“BGP”
• Autonomous System (AS):– A set of routers owned by one single system
administrative domain
• Address Prefix:
• Example:– AS6192 consists of routers in UC Davis– UC Davis owns 169.237/16
UCDavis:169.237/16
AS6192
11/23/2006 France Telecom 14
“BGP”
• How would I let the whole world know about 169.237/16?– I announce that I owned 169.237/16
• More importantly, how would anybody else in the Internet know how to send (or route, forward) a IP packet to 169.237/16?– Others would know how to send packets to
169.237/16–
UCDavis:169.237/16
AS6192
11/23/2006 France Telecom 15
Peering ASes
UCDavis:169.237/16
AS6192 AS11423 (UC)
AS11537 (CENIC)AS513
Peering is a local/decentralized trust based on a business contract!
11/23/2006 France Telecom 16
AS6192
UCDavis:169.237/16
AS6192
AS11423 (UC)
AS11537 (CENIC)AS513
an AS Path:169.237/16 6192
11/23/2006 France Telecom 17
AS6192 AS11423
UCDavis:169.237/16
AS6192
AS11423 (UC)
AS11537 (CENIC)AS513
an AS Path:169.237/16 11423 6192
11/23/2006 France Telecom 18
AS11423 AS11537
UCDavis:169.237/16
AS6192
AS11423 (UC)
AS11537 (CENIC)AS513
an AS Path:169.237/16 1153711423 6192
11/23/2006 France Telecom 19
AS11537 AS513
UCDavis:169.237/16
AS6192
AS11423 (UC)
AS11537 (CENIC)AS513
an AS Path:169.237/16 5131153711423 6192
11/23/2006 France Telecom 20
Packet Forwarding
UCDavis:169.237/16
AS6192 AS11423 (UC)
AS11537 (CENIC)AS513
an AS Path:169.237/16 5131153711423 6192
11/23/2006 France Telecom 21
The Scale of the “Internet”
11/23/2006 France Telecom 22
The Scale of the “Internet”
• 20464 Autonomous Systems• 167138 IP Address Prefixes announced
• Every single prefix, and their “dynamics”, must be propagated to every single AS.
• Every single AS must maintain the routing table such that it knows how to route the traffic toward any one of the 167138 prefixes to the right destination.
• BGP is the protocol to support the exchange of routing information for ALL prefixes in ALL ASes.
11/23/2006 France Telecom 23
The “Internet”
11/23/2006 France Telecom 24
Semi-Good News
• Aggregation works (or worked)!
• An existing issue:– Multi-homing is countering the effort
though.
• A new issue:– Routing on Flat-Labels (ROFL)
11/23/2006 France Telecom 25
“Not so sure” news
• No hierarchy, no infrastructure, no tier-one service providers, no government censorship, no centralized managed DNS, no google, … and no nothing!!
11/23/2006 France Telecom 26
“Not so sure” news
• No hierarchy, no infrastructure, no tier-one service providers, no government censorship, no centralized managed DNS, no google, … and no nothing!!
• And, we expect Internet works much better than today:– 40 billions nodes/ASes– The whole Internet is a giant Sensor
network
And, yet it needs to be scalable in every measure….
11/23/2006 France Telecom 27
BGP Security Issues
11/23/2006 France Telecom 28
Origin AS in an AS Path
• UCDavis (AS-6192) owns 169.237/16 and AS-6192 is the origin AS
• AS Path: 5131153711423 6192– 12654 13129 6461 3356 11423 6192– 12654 9177 3320 209 11423 6192– 12654 4608 1221 4637 11423 6192– 12654 777 2497 209 11423 6192– 12654 3549 3356 11423 6192– 12654 3257 3356 11423 6192– 12654 1103 11537 11423 6192– 12654 3333 3356 11423 6192– 12654 7018 209 11423 6192– 12654 2914 209 11423 6192– 12654 3549 209 11423 6192
12654
6192
11423
2091153733564637
2914701835493333
11/23/2006 France Telecom 29
Trust in BGP Updates
UCDavis:169.237/16
AS513
an AS Path:169.237/16 5131153711423 6192
An BGP Update message consists of a sequence of local trust relations. But, how to form the global trust?
11/23/2006 France Telecom 30
Security of BGP
• Authentication/validation of BGP update messages
AS513
an AS Path:169.237/16 5131153711423 6192
How to validate? What to trust?
11/23/2006 France Telecom 31
Trust Model in BGP??
AS513
an AS Path:169.237/16 5131153711423 6192
11/23/2006 France Telecom 32
Remember…
• Internet, based on the E2E argument, has to be simple…
• BGP has to be simple…• Security & trust has to be simple…
11/23/2006 France Telecom 33
Remember…
• Internet, based on the E2E argument, has to be simple…
• BGP has to be simple.• Security & trust has to be simple.• And, our minds have to be simple…
11/23/2006 France Telecom 34
Trust Model in BGP
• Naïve/unconditional trust
AS513
an AS Path:169.237/16 5131153711423 6192
11/23/2006 France Telecom 35
The bad news is…
• The Internet community (e.g., IETF, Cisco, AT&T, and their similar) won’t fix the Internet until it breaks
11/23/2006 France Telecom 36
And, the real good news is…
• The Internet community (e.g., IETF, Cisco, AT&T, and their similar) won’t fix the Internet until it breaks
11/23/2006 France Telecom 37
And, the real good news is…
• The Internet community (e.g., IETF, Cisco, AT&T, and their similar) won’t fix the Internet until it breaks
• Internet will break!!– It has broken a few times GLOBALLY!!
11/23/2006 France Telecom 38
“BGP”
• How would I let the whole world know about 169.237/16?– I announce that I owned 169.237/16
• More importantly, how would anybody else in the Internet know how to send (or route, forward) a IP packet to 169.237/16?– Others would know how to send packets to
169.237/16–
UCDavis:169.237/16
AS6192
11/23/2006 France Telecom 39
“BGP”
• How would I let the whole world know about 169.237/16?– I announce that I owned 169.237/16– Prefix hijacking
• More importantly, how would anybody else in the Internet know how to send (or route, forward) a IP packet to 169.237/16?– Others would know how to send packets to
169.237/16–
UCDavis:169.237/16
AS6192
11/23/2006 France Telecom 40
Origin AS Changes (OASC)
• Ownership: UCDavis (AS-6192) owns 169.237/16 and AS-6192 is the origin AS
• Current– AS Path: 291420911423 6192– for prefix: 169.237/16
12654
6192
11423
209
2914
169.237/16
11/23/2006 France Telecom 41
Origin AS Changes (OASC)
• Ownership: UCDavis (AS-6192) owns 169.237/16 and AS-6192 is the origin AS
• Current– AS Path: 291420911423 6192– for prefix: 169.237/16
• New– AS Path: 29143011273 81– even worse: 169.237.6/24
12654
6192
11423
2093011
273
2914
81
169.237/16169.237.6/24
11/23/2006 France Telecom 42
Origin AS Changes (OASC)
• Ownership: UCDavis (AS-6192) owns 169.237/16 and AS-6192 is the origin AS
• Current– AS Path: 291420911423 6192– for prefix: 169.237/16
• New– AS Path: 29143011273 81– even worse: 169.237.6/24
• Which route path to use?
12654
6192
11423
2093011
273
2914
81
169.237/16169.237.6/24
11/23/2006 France Telecom 43
Origin AS Changes (OASC)
• Ownership: UCDavis (AS-6192) owns 169.237/16 and AS-6192 is the origin AS
• Current– AS Path: 291420911423 6192– for prefix: 169.237/16
• New– AS Path: 29143011273 81– even worse: 169.237.6/24
• Which route path to use?• Legitimate or Abnormal??
12654
6192
11423
2093011
273
2914
81
169.237/16169.237.6/24
11/23/2006 France Telecom 44
Let’s extend it a little bit…
11/23/2006 France Telecom 45
Internet Global Failures
• AS7007 falsely de-aggregates 65000+ network prefixes in 1997 and the east coast Internet was down for 12 hours.
AS6192 AS11423 (UC)
AS11537 (CENIC)AS513
169.237/16142.7.6/24204.5.68/24….
Black Hole
11/23/2006 France Telecom 46
Active BGP Entries
11/23/2006 France Telecom 47
Active BGP Entries
11/23/2006 France Telecom 48
Active BGP Entries
11/23/2006 France Telecom 49
Internet Global Failures
• How to fix it?
AS6192 AS11423 (UC)
AS11537 (CENIC)AS513
169.237/16142.7.6/24204.5.68/24….
Black Hole
11/23/2006 France Telecom 50
New Prefix Rate-limiting
• For any given time window, a BGP peer can only introduce a X number of new IP prefixes.
• But, tier-1 ISPs will not be rate-limited.
11/23/2006 France Telecom 51
New Prefix Rate-limiting
• For any given time window, a BGP peer can only introduce a X number of new IP prefixes.
• But, tier-1 ISPs will not be rate-limited.• It worked/works, but…
11/23/2006 France Telecom 52
Origin AS Changes (OASC)
• Ownership: UCDavis (AS-6192) owns 169.237/16 and AS-6192 is the origin AS
• Current– AS Path: 291420911423 6192– for prefix: 169.237/16
• New– AS Path: 29143011273 81– even worse: 169.237.6/24
• Which route path to use?• Legitimate or Abnormal??
• It won’t help if a specific prefix is hijacked!!
12654
6192
11423
2093011
273
2914
81
169.237/16169.237.6/24
11/23/2006 France Telecom 53
BGP MOAS/OASC Events(IMW’2001, Explanation DSOM’2003)
year Median number increase rate #BGP table entries increase rate1998 683 520001999 810.5 18.7% 60000 15.40%2000 951 17.3% 80000 33.30%2001 1294 34.8% 109000 36%
Max: 10226(9177 from a single AS)
11/23/2006 France Telecom 54
Real-Time OASC Detection
• Low level events: BGP Route Updates• High level events: OASC
– 1000+ per day and max 10226 per day– per 3-minutes window in real-time demo
• IP address blocks• Origin AS in BGP Update Messages• Different Types of OASC Events
11/23/2006 France Telecom 55
1101
1000
1001
110001110011111001111011
110000110010111000111010
00110110
AS#
Qua-Tree Representation ofIP Address Prefixes
169.237/1610101001.11101101/16
11/23/2006 France Telecom 56
1101
1000
1001
110001110011111001111011
110000110010111000111010
00110110AS#
AS# Representation
AS-1
AS-7777
AS-15412
AS-6192
AS-81
11/23/2006 France Telecom 57
AS81 punched a “hole” on 169.237/16
yesterday169.237/16
today169.237/16169.237.6/24
yesterdayAS-6192
todayAS-81
victim
offender
11/23/2006 France Telecom 58
OASC Event Types
• Using different colors to represent types of OASC events
• C type: CSS, CSM, CMS, CMM• H type: H• B type: B• O type: OS, OM
11/23/2006 France Telecom 59
“Normal”
11/23/2006 France Telecom 60
AS15412 in April, 2001
11/23/2006 France Telecom 61
April 6, 2001
AS15412 caused 40K+ MOAS/OASC events within 2 weeks…
11/23/2006 France Telecom 62
April 7-10, 2001
04/07/2001 all 04/07/2001 15412 04/08/2001 all 04/08/2001 15412
04/09/2001 all 04/09/2001 15412 04/10/2001 all 04/10/2001 15412
11/23/2006 France Telecom 63
April 11-14, 2001
04/11/2001 all 04/11/2001 15412 04/12/2001 all 04/12/2001 15412
04/14/2001 all 04/14/2001 1541204/13/2001 1541204/13/2001 all
11/23/2006 France Telecom 64
April 18-19, 2001 – Again??
04/18/2001 all 04/18/2001 15412 04/19/2001 all 04/19/2001 15412
11/23/2006 France Telecom 65
How to authenticate or validate?
• Authentication/validation of BGP update messages
AS513
an AS Path:169.237/16 5131153711423 6192
11/23/2006 France Telecom 66
SBGP
• PKI• Every relationship is certified by related
ASes (with some certificates issued by the CA).
11/23/2006 France Telecom 67
Peering ASes
UCDavis:169.237/16
AS6192 AS11423 (UC)
AS11537 (CENIC)AS513
11/23/2006 France Telecom 68
AS6192 AS11423
UCDavis:169.237/16
AS6192
AS11423 (UC)
AS11537 (CENIC)AS513
an AS Path:169.237/16 11423 6192
11/23/2006 France Telecom 69
AS11423 AS11537
UCDavis:169.237/16
AS6192
AS11423 (UC)
AS11537 (CENIC)AS513
an AS Path:169.237/16 1153711423 6192
11/23/2006 France Telecom 70
AS11537 AS513
UCDavis:169.237/16
AS6192
AS11423 (UC)
AS11537 (CENIC)AS513
an AS Path:169.237/16 5131153711423 6192
11/23/2006 France Telecom 71
PKI and Global Trust
• Certificates for everyone and everything• Verification through a chain of trust
relationship
11/23/2006 France Telecom 72
PKI and Global Trust
• Certificates for everyone and everything• Verification through a chain of trust relationshipBUT Is it reasonable to have a global PKI or any weaker
form of centralized trust servers?Chicken and Egg problem:
which infrastructure depends on which?Internet Trust ServiceTrust Service Internet
11/23/2006 France Telecom 73
SoBGP
• Distributed Registry– Checking for Topology relationship
• Similar to DNS (and many others)– Checking for binding between IP address
and name
11/23/2006 France Telecom 74
SoBGP
• Authentication/validation of BGP update messages
AS513an AS Path:169.237/16 5131153711423 6192
AS6192 owns 169.237/16AS6192 peers with AS11423AS11423 peers with AS11537AS11537 peers with AS513
11/23/2006 France Telecom 75
SoBGP
• Authentication/validation of BGP update messages
AS513an AS Path:169.237/16 5131153711423 6192
AS6192 owns 169.237/16AS6192 peers with AS11423AS11423 peers with AS11537AS11537 peers with AS513
11/23/2006 France Telecom 76
Peering ASes
UCDavis:169.237/16
AS6192 AS11423 (UC)
AS11537 (CENIC)AS513
AS6192 owns 169.237/16AS6192 peers with AS11423
AS11423 peers with AS11537AS11537 peers with AS513
11/23/2006 France Telecom 77
AS6192 AS11423
UCDavis:169.237/16
AS6192
AS11423 (UC)
AS11537 (CENIC)AS513
an AS Path:169.237/16 11423 6192
AS6192 owns 169.237/16AS6192 peers with AS11423
AS11423 peers with AS11537AS11537 peers with AS513
11/23/2006 France Telecom 78
AS11423 AS11537
UCDavis:169.237/16
AS6192
AS11423 (UC)
AS11537 (CENIC)AS513
an AS Path:169.237/16 1153711423 6192
AS6192 owns 169.237/16AS6192 peers with AS11423
AS11423 peers with AS11537AS11537 peers with AS513
11/23/2006 France Telecom 79
AS11537 AS513
UCDavis:169.237/16
AS6192
AS11423 (UC)
AS11537 (CENIC)AS513
an AS Path:169.237/16 5131153711423 6192AS6192 owns 169.237/16
AS6192 peers with AS11423AS11423 peers with AS11537
AS11537 peers with AS513
11/23/2006 France Telecom 80
AS6192 owns 169.237/16AS6192 peers with AS11423
AS11423 peers with AS11537AS11537 peers with AS513
11/23/2006 France Telecom 81
SBGP vs SoBGP
• What is the difference?
11/23/2006 France Telecom 82
AS6192 owns 169.237/16AS6192 peers with AS11423
AS11423 peers with AS11537AS11537 peers with AS513
11/23/2006 France Telecom 83
11/23/2006 France Telecom 84
Verification/Validation for the Truth
• Verifying the truth about the routing information
• SoBGP or SBGP
• But, MOAS/OASC:– Inherently, they assume that if EVERYTHING
has been verified, then MOAS/OASC is irrelevant.
11/23/2006 France Telecom 85
Descartes BGP
• A Conflict Detection and Response Framework for Inter-Domain Routing
«au contraire de cela, même que je pensais à douter de la vérité des autres choses, il suivait très évidemment et très certainement que j'étais.»
“to the contrary, in the very act of thinking about doubting the truth of other things, it very clearly and certainly followed that I existed.”
- René Descartes (1596-1650), Le Discours de la Méthode, Quatrieme Partie
11/23/2006 France Telecom 86
Origin AS Changes (OASC)
• Ownership: UCDavis (AS-6192) owns 169.237/16 and AS-6192 is the origin AS
• Current– AS Path: 291420911423 6192– for prefix: 169.237/16
• New– AS Path: 29143011273 81– For prefix: 169.237/16
12654
6192
11423
2093011
273
2914
81
169.237/16
11/23/2006 France Telecom 87
Origin AS Change
• Without ANY centrally managed service– DNS, PKI, BGP Certificate Authority– That is the spirit of Inter-domain Internet
• Without ANY global management!
• We do NOT know which one is correct or incorrect as the ground truth ANSWER is not being provided!– We don’t have the oracle…
• Then, how do we deal with this problem?
11/23/2006 France Telecom 88
Descartes BGP
• Collaborative Conflict Detection and Resolution, while some of the collaborators might be malicious…
• Every IP prefix:
Agreement ConflictPersistentConflict
11/23/2006 France Telecom 89
Prevention vs. Tolerance
• No invalid route will be allowed.– SBGP
• The system can still work, to a certain degree, even with one or more invalid routes.
11/23/2006 France Telecom 90
Byzantine/Persistent Failures
• Very expensive to prevent/eliminate– You will need the ground truth!!
11/23/2006 France Telecom 91
Byzantine/Persistent Failures
• Very expensive to prevent/eliminate– You will need the ground truth!!
• An alternative approach:– We can NOT completely eliminate certain
faults.– But, those faults can not completely
eliminate our service as well.
11/23/2006 France Telecom 92
Conflict
• Ground Truth about a prefix absolute– must rely on some centralized services
• Conflict relative– Two peers disagree but we don’t know
which one is right
11/23/2006 France Telecom 93
Descartes BGP
AS-6192 AS-81
169.237/16169.237/16
Agreement ConflictPersistentConflict
11/23/2006 France Telecom 94
12654
6192
11423
2093011
273
2914
81
169.237/16
11/23/2006 France Telecom 95
6192114232093011273 291481
169.237/16
11/23/2006 France Telecom 96
6192114232093011273 291481
169.237/16
11/23/2006 France Telecom 97
6192114232093011273 291481
169.237/16
11/23/2006 France Telecom 98
6192114232093011273 291481
169.237/16
11/23/2006 France Telecom 99
6192114232093011273 291481
169.237/16
Traffic Split Line
11/23/2006 France Telecom 100
Detectability & Detector
• Which ASes can detect the conflict?• Which ASes should raise the flag?
11/23/2006 France Telecom 101
Who can detect??
6192114232093011273 291481
6192114232093011273 291481
6192114232093011273 291481
6192114232093011273 291481
11/23/2006 France Telecom 102
Who can detect??
6192114232093011273 291481
6192114232093011273 291481
6192114232093011273 291481
6192114232093011273 291481
11/23/2006 France Telecom 103
Who can detect??
6192114232093011273 291481
6192114232093011273 291481
6192114232093011273 291481
6192114232093011273 291481
11/23/2006 France Telecom 104
Detector
• Who should be the detector?
6192114232093011273 291481
11/23/2006 France Telecom 105
6192114232093011273 291481
169.237/16
81
27381
301127381
6192
114236192
209114236192
Minimizing the detectors
11/23/2006 France Telecom 106
Detector
• The AS detects the conflict and will not use the new conflicting BGP update.
6192114232093011273 291481
11/23/2006 France Telecom 107
6192114232093011273 291481
169.237/16
81
27381
301127381
6192
114236192
209114236192
Detector
169.237/16
11/23/2006 France Telecom 108
Self-Stabilization
• Detection– Who should detect it?
• Conflict resolution– Who can possibly verify better than the
detector?
11/23/2006 France Telecom 109
6192114232093011273 291481
169.237/16
301127381
209114236192
Detector
169.237/16
CheckerChecker
11/23/2006 France Telecom 110
6192 81
169.237/16
Local configuration and resolution
If the checkers don’t care, nobody else will.
Agreement ConflictPersistentConflict
11/23/2006 France Telecom 111
Assuming AS81 is faulty
• AS6192 (checker) confirms with local routing policies for 169.237/16.
• AS81 (checker) realizes that it made a mistake withdraw.
11/23/2006 France Telecom 112
6192114232093011273 291481
169.237/16
301127381
209114236192
Detector
169.237/16
CheckerChecker
11/23/2006 France Telecom 113
6192114232093011273 291481
169.237/16
301127381
209114236192
Detector
169.237/16
CheckerAbnormal
11/23/2006 France Telecom 114
Self-Stabilization
• Transient/Simple Faults
11/23/2006 France Telecom 115
But, what happens…
• AS81 disagrees that it is at fault!– It even believes that AS6192 is faulty.– The basic service will NOT know the answer– We really need “outside” help to resolve the
problem “completely”.
• But, the basic service should still operate as much as possible before the resolution.
11/23/2006 France Telecom 116
6192114232093011273 291481
169.237/16
301127381
209114236192
Detector
169.237/16
CheckerChecker
Who should the Network trust?
Skeptical“Shared” Trust
11/23/2006 France Telecom 117
Persistent Conflict
• How to resolve?
11/23/2006 France Telecom 118
Management
• The right information to the management plane
• Before the issue is “completely” resolved, the Internet still operates to provide the basic service.
11/23/2006 France Telecom 119
6192114232093011273 291481
169.237/16
Detector
CheckerChecker
11/23/2006 France Telecom 120
6192114232093011273 291481
169.237.0/17
169.237.128/17
Detector
CheckerChecker
169.237.128/17
11/23/2006 France Telecom 121
IP Prefix P/n
n Network bits 32 – n host bits
IP Header
address restoration bitb
Local Decision
0 or 1Outbound at source AS
Inbound at destination AS
11/23/2006 France Telecom 122
Descartes BGP Recovery
• All the ASes between AS81 & AS6192 are aware of the persistent conflict for 169.237/16.
• No further new BGP prefix announcement under 169.237/16 (e.g., 169.237.6/24) until the persistent conflict is removed by management plane.
• Application-level IP address re-mapping, based on some trust, is required.
11/23/2006 France Telecom 123
Conflict Detection
prefix
11/23/2006 France Telecom 124
Conflict Resolution
?
?
prefix
11/23/2006 France Telecom 125
Persistent Conflict
?
?
prefix
11/23/2006 France Telecom 126
Robustness against Persistent Fault
• The faults can not be eliminated completely– Due to no ground truth within the basic
service!
• But, the faults can not completely eliminate the basic service either!!– We will still have enough/some bandwidth to
run SNMP, DNS, and PKI, for instance.
11/23/2006 France Telecom 127
# of Detectors
• AS-15412 (30,088 affected prefixes)
• 933 detectors totally• Average 8.88 per prefix• AS-3549 detected 77%
11/23/2006 France Telecom 128
140.113.0.0/16 NCTU,Taiwan2001/04/06/5pm GMT
11/23/2006 France Telecom 129
140.113.0.0/16 NCTU,Taiwan2001/04/07/1am GMT
Fault Line
11/23/2006 France Telecom 130
73 BGP msg73 BGP msg
11/23/2006 France Telecom 131
83 BGP msg83 BGP msg40 D-BGP msg40 D-BGP msg
11/23/2006 France Telecom 132
Descartes BGPthe principle of ABCD
• A: Anomalous Advertiser• B: Blocker• C: Checker• D: Detector
11/23/2006 France Telecom 133
Routing SecuritySecure Routing
• Routing security– Make sure the basic IP service work
correctly!
• Secure Routing– Enhance Internet security via a better
routing service!
11/23/2006 France Telecom 134
Internet Infrastructure
• It enables many cool applications.– Email, Web+, IM, Skype, Google, Bittorrent,
Infospace, LinkedIn,...
• We are connected, at least in the “IP address” sense!!
11/23/2006 France Telecom 135
Internet Infrastructure
• It enables many cool applications.– Email, Web+, IM, Skype, Google, Bittorrent,
Infospace, LinkedIn,...
• We are connected, at least in the “IP address” sense!!
• Many other forms of connections:– Peer2Peer, Friend2Friend, community
11/23/2006 France Telecom 136
Internet Infrastructure
• It enables many cool applications.• It enables many cool attacks.
11/23/2006 France Telecom 137
Internet Infrastructure
• It enables many cool applications.• It enables many cool attacks.
– David Clark on Morris Worms to DARPA in 1988
11/23/2006 France Telecom 138
Internet Infrastructure
• It enables many cool applications.• It enables many cool attacks.
– David Clark on Morris Worms to DARPA in 1988 “Internet is doing exactly what it supposed to do”
11/23/2006 France Telecom 139
We can not blame everything to Microsoft!
• It enables many cool applications.• It enables many cool attacks.
– Worm, DDoS, spamming, phishing,… (the list is still growing)
11/23/2006 France Telecom 140
We can not blame everything to Microsoft!
• It enables many cool applications.• It enables many cool attacks.
– Worm, DDoS, spamming, phishing,… (the list is still growing)
Related to our Inter-domain routing today…
11/23/2006 France Telecom 141
We can not blame everything to Microsoft!
• It enables many cool applications.• It enables many cool attacks.
– Worm, DDoS, spamming, phishing,… (the list is still growing)
A B
Is “end2end security” the right abstraction?
11/23/2006 France Telecom 142
• It enables many cool applications.• It enables many cool attacks.
– Worm, DDoS, spamming, phishing,… (the list is still growing)
– Spyware (I mainly blame Microsoft for this, but can we do something in the Internet infrastructure to ensure the information accountability across domains?)
We can not blame everything to Microsoft!
11/23/2006 France Telecom 143
“BGP”
• How would I let the whole world know about 169.237/16?– I announce that I owned 169.237/16– Prefix hijacking
• More importantly, how would anybody else in the Internet know how to send (or route, forward) a IP packet to 169.237/16?– Others would know how to send packets to
169.237/16–
UCDavis:169.237/16
AS6192
11/23/2006 France Telecom 144
“BGP”
• How would I let the whole world know about 169.237/16?– I announce that I owned 169.237/16– Prefix hijacking
• More importantly, how would anybody else in the Internet know how to send (or route, forward) a IP packet to 169.237/16?– Others would know how to send packets to
169.237/16– DDoS, Spam – no receiver/owner controllability
UCDavis:169.237/16
AS6192
11/23/2006 France Telecom 145
DSL (Davis Social Links)
Principle:– Communication should reflect the (social)
relationship between the sender and the receiver, and the receiver should have ways to control that.
Design:– Route discovery based on social keywords
and their potential aggregation– Separation of identity and routability– Penalty and Reputation framework
A B
A BF
FF
11/23/2006 France Telecom 146
The same message content
• “M” from Felix Wu
• “M” from Felix Wu via an IETF mailing list
• “M” from Felix Wu via Herve Debar
11/23/2006 France Telecom 147
The same message content
• “M” from Felix Wu Probably a spam• “M” from Felix Wu via an IETF mailing
list Probably not interesting• “M” from Felix Wu via Herve Debar Do I seriously want to keep the job?
11/23/2006 France Telecom 148
This is nothing new!
Principle:– Communication should reflect the (social)
relationship between the sender and the receiver, and the receiver should have ways to control that.
Design:– Route discovery based on social keywords
and their potential aggregation– Separation of identity and routability– Penalty and Reputation framework
A B
A BF
FF
11/23/2006 France Telecom 149
Social Routers
11/23/2006 France Telecom 150
Social Routers
Proxy
11/23/2006 France Telecom 151
Social Router Identity
Identity: an X-bits stringwith a public key
11/23/2006 France Telecom 152
Social Router Identity
Identity: an X-bits stringwith a public key
The identity doesn’t have to be globally unique.
There are many “Felix Wu” in this world, but Herve won’t be confused under different social contexts.
11/23/2006 France Telecom 153
Go beyond HIP
• Host Identity Protocol– Separation of host identity and routable
addresses
11/23/2006 France Telecom 154
Go beyond HIP
• Host Identity Protocol– Separation of host identity and routable
addresses
• Host Person/Object• “Identification” should be an application
issue.• Routing only provides services to
forward packets to the IP address which can be mapped to the identity by the application!
11/23/2006 France Telecom 155
A Social Link
representing a trust relationship
11/23/2006 France Telecom 156
A Social Link
representing a trust relationship
Without a social link, messages will be either dropped or lower prioritized in the “networking” layer
11/23/2006 France Telecom 157
A Social Link
representing a trust relationship
The link can be revoked or downgraded at any time!
11/23/2006 France Telecom 158
Social Keywords
Soccer, BGP, Davis, California, Intrusion Detection,…
11/23/2006 France Telecom 159
Social Keywords
Soccer, BGP, Davis, California, Intrusion Detection,…
Social keywords represents your interests and the semantic/social interpretation of you (and your identity).
11/23/2006 France Telecom 160
Social Keywords
BGP, Intrusion Detection
Soccer, Davis, California
11/23/2006 France Telecom 161
Social Keywords
Soccer, BGP, Davis, California, Intrusion Detection, Liechtenstein
Social keywords represents your interests and the semantic/social interpretation of you (and your identity).Sometimes, it can be anything you like!
11/23/2006 France Telecom 162
Incoming Route Discovery Messages
Soccer, BGP, Davis, California, Intrusion Detection, Liechtenstein
AND/OR expression
Soccer, BGP, Davis, California, Intrusion Detection, Liechtenstein
11/23/2006 France Telecom 163
Incoming Route Discovery Messages
Soccer, BGP, Davis, California, Intrusion Detection, Liechtenstein
AND/OR expression
Soccer, BGP, Davis, California, Intrusion Detection, Liechtenstein+ a few extra
{ a bag of expected words}
Accepted or not??
11/23/2006 France Telecom 164
Routing Information Exchange
AND/OR expressions of keywords
11/23/2006 France Telecom 165
Scalable, scalable, scalable???
• 40 billions of ASes or nodes• “Lots” of keywords and keyword
expressions
11/23/2006 France Telecom 166
Keyword Aggregation
AND/OR expressions of keywords
11/23/2006 France Telecom 167
Limited Resources
.
.
.
.
11/23/2006 France Telecom 168
M
.
.
.
.
Keywords and aggregated keywords
“content addressable emails”
11/23/2006 France Telecom 169
DSL Route Discovery& Trust Management
DSL Forwarding Plane
11/23/2006 France Telecom 170
Remarks
• Routing security involves several complex issues without good definitive answers..
• We should really think about “communication” first, and then worry about the best routing framework to support it.– E.g., P2P applications, hijacking, fairness, spam,
phishing, penalty, matching with social networks, identity and receiver control…