Secure Routing Panel FIND PI Meeting (June 27, 2007) Morley Mao, Jen Rexford, Xiaowei Yang.
Secure Routing Panel, FIND PI Meeting (June 27, 2007)
Morley Mao, Jen Rexford, Xiaowei Yang
Goal of the Panel
• Understand and discuss
  – The threats on the routing system
  – Lessons learned from today’s routing system
  – Challenges of architecting a secure routing system
  – A few specific architectural proposals
Questions
• What are the threats?
  – End hosts
  – Compromised routers
  – Greedy providers
• What security properties do we need?
  – Just availability?
  – Knowing traffic is reaching the right destination?
  – Knowing the end-to-end path? At what granularity?
  – Avoiding certain paths, countries, or companies?
  – Do paths need to be symmetric?
• Enable multiple levels of security in parallel?
Questions
• Where should security functions be placed?
  – End hosts vs. routers
  – Data, control, and management planes
• How do we ensure participation?
  – Economic incentives for deployment?
  – Role (if any) for government regulation?
  – Any need for accountability/liability for problems?
  – Enable partial deployment scenarios?
Organization
• Morley Mao, U. Michigan
  – Threats, and an operator perspective (15 min)
• Jen Rexford, Princeton
  – Multi-path routing and secure monitoring (10 min)
• Xiaowei Yang, UC Irvine
  – User-controlled routes (15 min)
• Discussion, debate, …
Helping Edge Networks to Help Themselves
Jen Rexford
Joint work with Dave Andersen, Ioannis Avramopoulos, and Dan Wendlandt
Don’t Need Secure Routing Protocols
• Secure routing protocols
  – Securing the information communicated within the protocol
• Secure routing protocols are too much
  – Require large-scale (ubiquitous?) deployment
  – Heavyweight crypto operations
  – Global public key infrastructure
• Secure routing protocols are too little
  – Packets might not follow the advertised path
  – Adversary can deflect packets or DoS links
  – Colluding ASes can claim fake links
Secure End-to-End Communication
• An architectural proposal
  – Multi-path routing exposes possible paths
  – Edge nodes find and securely use working paths
End-to-end security (e.g., SSL & IPsec)
  • Confidentiality of data
  • Integrity of data
  • Availability of the communication channel (depends on routing and forwarding)
Where do Multiple Paths Come From?
• Multi-homing
  – Connecting to multiple neighboring ASes
  – Connecting to a neighbor at multiple places
• Deflecting through intermediate nodes
  – Overlay networks of end hosts
  – Deflection services offered by other networks
• Multi-path routing protocols
[Figure: example topology with nodes A, B, C, and D]
How Do Edge Nodes Switch Forwarding Paths?
• Tagging
  – Mark tag bits in the data packets
  – Routers interpret the bits in forwarding
• Encapsulation
  – Specify an intermediate deflection point
  – Routers forward based on the deflection address
[Figure: A reaches C via alternative paths through B; tag bits 101]
How Do Edge Nodes Decide to Change Paths?
• End-to-end integrity check
  – IPsec and SSL
  – Client authentication and server certificates
  – Vote among users from many vantage points
• Secure availability monitoring
  – End-host applications judge the performance
  – Edge routers securely sample the performance
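To make the path-switching and path-selection slides concrete, here is an added example (not from the panel or its authors) of an edge node that securely samples each candidate path with HMAC-authenticated probes and selects a working path tag; the shared key, tag values and simulated path behaviours are constructed for illustration.

```python
import hmac
import hashlib

# Constructed: the two edge nodes share a key, as SSL/IPsec endpoints would.
# Each candidate path is identified by the tag bits the edge router marks
# in the packet (the "Tagging" mechanism on the previous slide).
KEY = b"constructed-shared-secret"


def mac(msg: bytes) -> bytes:
    """Authenticate a probe/reply so an on-path adversary cannot forge it."""
    return hmac.new(KEY, msg, hashlib.sha256).digest()


def simulate_path(behaviour: str, probe_id: bytes, i: int):
    """Constructed stand-in for the network. Returns (payload, tag) or None.
    "ok": valid reply; "drop": reply lost (DoS'd link or deflected packet);
    "tamper": reply modified en route; "flaky": every other probe is lost."""
    reply = probe_id + b"|pong"
    if behaviour == "drop" or (behaviour == "flaky" and i % 2 == 0):
        return None
    if behaviour == "tamper":
        return (reply + b"!", mac(reply))  # MAC no longer matches payload
    return (reply, mac(reply))


def probe_path(behaviour: str, samples: int = 5) -> float:
    """Securely sample one path: the fraction of probes answered by a reply
    whose MAC verifies. Unauthenticated replies count as failures."""
    good = 0
    for i in range(samples):
        probe_id = b"probe-%d" % i
        resp = simulate_path(behaviour, probe_id, i)
        if resp is None:
            continue
        payload, tag = resp
        if payload.startswith(probe_id) and hmac.compare_digest(tag, mac(payload)):
            good += 1
    return good / samples


def choose_path(paths: dict, threshold: float = 0.8):
    """paths maps tag bits -> simulated behaviour. Returns (chosen tag, scores);
    the chosen tag is the first path whose authenticated availability meets
    the threshold, or None if no path is usable."""
    scores = {tag: probe_path(b) for tag, b in paths.items()}
    working = [t for t, s in scores.items() if s >= threshold]
    return (working[0] if working else None), scores
```

A real edge router would re-run this sampling continuously and re-tag traffic when the current path falls below the threshold.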
Conclusion
• Secure routing is not the goal
  – The control plane is just one part of the system
  – “Jen, the Internet is not a network for delivering BGP update messages.” – Randy Bush
• Secure communication should be the goal
  – Integrity, confidentiality, and availability
• Leading to a combination of mechanisms
  – End-to-end integrity and confidentiality
  – Multi-path routing and forwarding
  – Secure availability monitoring