Jennifer Rexford
Fall 2014 (TTh 3:00-4:20 in CS 105)
COS 561: Advanced Computer Networks
http://www.cs.princeton.edu/courses/archive/fall14/cos561/
BGP Security
Example “Prefix Hijacking” Attack
YouTube Outage of February 24, 2008
February 24, 2008, YouTube Outage
• YouTube (AS 36561)
  – Web site www.youtube.com
  – Address block 208.65.152.0/22
• Pakistan Telecom (AS 17557)
  – Receives government order to block access to YouTube
  – Starts announcing 208.65.153.0/24 to PCCW (AS 3491)
  – All packets directed to YouTube get dropped on the floor
• Mistakes were made
  – AS 17557: announcing to everyone, not just customers
  – AS 3491: not filtering routes announced by AS 17557
• Lasted 100 minutes for some, 2 hours for others
Timeline (UTC Time)
• 18:47:45 – First evidence of hijacked /24 route propagating in Asia
• 18:48:00 – Several big trans-Pacific providers carrying the route
• 18:49:30 – Bogus route fully propagated
• 20:07:25 – YouTube starts advertising the /24 to attract traffic back
• 20:08:30 – Many (but not all) providers are using the valid route
http://research.dyn.com/2008/02/pakistan-hijacks-youtube-1/
Timeline (UTC Time)
• 20:18:43 – YouTube starts announcing two more-specific /25 routes
• 20:19:37 – Some more providers start using the /25 routes
• 20:50:59 – AS 17557 starts prepending (“3491 17557 17557”)
• 20:59:39 – AS 3491 disconnects AS 17557
• 21:00:00 – All is well, videos of cats flushing toilets are available
Lessons From the Example
• BGP is incredibly vulnerable
  – Local actions have serious global consequences
  – Propagating misinformation is surprisingly easy
• Fixing the problem required vigilance
  – Monitoring to detect and diagnose the problem
  – Immediate action to (try to) attract the traffic back
  – Longer-term cooperation to block/disable the attack
• Preventing these problems is even harder
  – Require all ASes to perform defensive filtering?
  – Automatically detect and stop bogus routes?
  – Require proof of ownership of the address block?
BGP Attacks
Prefix Hijacking
[Figure: seven ASes (1–7); 12.34.0.0/16 is originated both by its legitimate owner and by the hijacker]
• Originating someone else’s prefix
  – What fraction of the Internet believes it?
Sub-Prefix Hijacking
• Originating a more-specific prefix
  – Every AS picks the bogus route for that prefix
  – Traffic follows the longest matching prefix
[Figure: seven ASes (1–7); the legitimate owner originates 12.34.0.0/16 while the hijacker originates the more-specific 12.34.158.0/24]
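The following Go program is an added example (not from the slides) that replays the YouTube timeline above through the longest-prefix-match rule this slide describes: a more-specific /24 beats the legitimate /22 everywhere, a counter-announcement of the same /24 only wins where BGP's tie-break favours it, and the two /25s win everywhere. The vantage-point router, its upstream ASes 1000 and 2000 and the host address 208.65.153.10 are constructed, and the tie-break among equal-length prefixes is reduced to AS path length.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Route is a simplified BGP table entry as seen from one vantage-point
// router: the prefix and the AS path (origin AS last).
type Route struct {
	Prefix netip.Prefix
	Path   []int
}

// Origin returns the AS at the end of the path, i.e. the claimed originator.
func (r Route) Origin() int { return r.Path[len(r.Path)-1] }

// selectRoute picks the route used to forward to dst: the longest matching
// prefix wins outright; among equal-length prefixes the shortest AS path
// wins (the first BGP tie-breaker that matters here; the real decision
// process has further steps such as local preference).
func selectRoute(table []Route, dst netip.Addr) (Route, bool) {
	var best Route
	found := false
	for _, r := range table {
		if !r.Prefix.Contains(dst) {
			continue
		}
		longer := r.Prefix.Bits() > best.Prefix.Bits()
		sameLenShorterPath := r.Prefix.Bits() == best.Prefix.Bits() && len(r.Path) < len(best.Path)
		if !found || longer || sameLenShorterPath {
			best, found = r, true
		}
	}
	return best, found
}

// TrafficOwner reports which AS ends up receiving packets sent to dst
// (0 if no route covers it).
func TrafficOwner(table []Route, dst string) int {
	r, ok := selectRoute(table, netip.MustParseAddr(dst))
	if !ok {
		return 0
	}
	return r.Origin()
}

func p(s string) netip.Prefix { return netip.MustParsePrefix(s) }

// YouTubeTimeline replays the stages of the 2008 incident from the viewpoint
// of one constructed transit router and returns who receives traffic for a
// host inside 208.65.153.0/24 at each stage. ASes 1000 and 2000 are
// placeholders for this router's upstream path toward YouTube.
func YouTubeTimeline() []int {
	const youtube, pccw, pakTelecom = 36561, 3491, 17557
	legitPath := []int{1000, 2000, youtube}
	dst := "208.65.153.10" // constructed address inside the hijacked /24
	var stages []int

	// 1. Only YouTube's /22 exists.
	table := []Route{{p("208.65.152.0/22"), legitPath}}
	stages = append(stages, TrafficOwner(table, dst))

	// 2. AS 17557 announces the /24 via PCCW: more specific, so it wins
	//    everywhere no matter how short the legitimate path is.
	table = append(table, Route{p("208.65.153.0/24"), []int{pccw, pakTelecom}})
	stages = append(stages, TrafficOwner(table, dst))

	// 3. YouTube announces the same /24: equal length, so the tie-break
	//    decides. From this vantage point the bogus path is shorter, so the
	//    hijack still wins (hence "many, but not all" providers recovered).
	table = append(table, Route{p("208.65.153.0/24"), legitPath})
	stages = append(stages, TrafficOwner(table, dst))

	// 4. YouTube announces two /25s: more specific than anything the
	//    hijacker sent, so every router switches back.
	table = append(table, Route{p("208.65.153.0/25"), legitPath}, Route{p("208.65.153.128/25"), legitPath})
	stages = append(stages, TrafficOwner(table, dst))
	return stages
}

func main() {
	fmt.Println(YouTubeTimeline()) // [36561 17557 17557 36561]
}
```

Stage 3 is the interesting one for a defender: an equal-length counter-announcement only helps at routers where the legitimate path also wins the tie-break, which is why the incident needed the /25s (and ultimately the upstream disconnecting the offending AS) to end.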
Interception Attack
http://queue.acm.org/detail.cfm?id=2668966
Bogus AS Paths to Hide Hijacking
• Adds AS hop(s) at the end of the path
  – E.g., turns “701 88” into “701 88 3”
• Motivations
  – Evade detection for a bogus route
  – E.g., by adding the legitimate AS to the end
• Hard to tell that the AS path is bogus…
  – Even if other ASes filter based on prefix ownership
[Figure: ASes 701, 88 and 3; 18.0.0.0/8 appears twice, once from the legitimate origin and once in the bogus announcement]
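Added example, not part of the slides: a minimal origin-validation check of the kind the later “checking against registries” solution slide describes, run over the announcements on this slide. It takes AS 3 as the legitimate origin of 18.0.0.0/8, as the figure implies, and models the registry as RPKI-style ROAs with a maxLength field; the `ROA` and `Announcement` types, the `OriginValid` function and the one-entry registry are my own constructions. It shows concretely why prefix-ownership filtering catches “701 88” but waves “701 88 3” through.

```go
package main

import (
	"fmt"
	"net/netip"
)

// ROA is a registry record: which AS may originate a prefix, and how far it
// may be deaggregated (the maxLength field of an RPKI ROA).
type ROA struct {
	Prefix    netip.Prefix
	MaxLength int
	OriginAS  int
}

// Announcement is a received BGP route: prefix plus AS path, origin AS last.
type Announcement struct {
	Prefix netip.Prefix
	Path   []int
}

func (a Announcement) Origin() int { return a.Path[len(a.Path)-1] }

// covers reports whether the ROA's prefix contains the announced prefix.
func (r ROA) covers(p netip.Prefix) bool {
	return r.Prefix.Bits() <= p.Bits() && r.Prefix.Contains(p.Addr())
}

// OriginValid applies route origin validation: "valid" if some covering ROA
// names the announced origin and allows this prefix length, "invalid" if
// ROAs cover the prefix but none match, "unknown" if no ROA covers it.
// Only the origin AS is examined; the rest of the path is not checked.
func OriginValid(roas []ROA, a Announcement) string {
	covered := false
	for _, r := range roas {
		if !r.covers(a.Prefix) {
			continue
		}
		covered = true
		if r.OriginAS == a.Origin() && a.Prefix.Bits() <= r.MaxLength {
			return "valid"
		}
	}
	if covered {
		return "invalid"
	}
	return "unknown"
}

// Verdicts runs the slide's 18.0.0.0/8 scenarios against a constructed
// one-entry registry that authorises AS 3 to originate the /8 and nothing longer.
func Verdicts() map[string]string {
	registry := []ROA{{netip.MustParsePrefix("18.0.0.0/8"), 8, 3}}
	mit := netip.MustParsePrefix("18.0.0.0/8")
	check := func(pfx netip.Prefix, path ...int) string {
		return OriginValid(registry, Announcement{pfx, path})
	}
	return map[string]string{
		"legitimate 701 3":    check(mit, 701, 3),
		"hijack 701 88":       check(mit, 701, 88),    // caught: wrong origin
		"bogus path 701 88 3": check(mit, 701, 88, 3), // missed: the origin looks right
		"sub-prefix 701 3 /9": check(netip.MustParsePrefix("18.0.0.0/9"), 701, 3),    // caught by maxLength
		"uncovered 701 88":    check(netip.MustParsePrefix("192.0.2.0/24"), 701, 88), // no ROA: unknown
	}
}

func main() {
	for k, v := range Verdicts() {
		fmt.Printf("%-22s %s\n", k, v)
	}
}
```

The "unknown" verdict for an uncovered prefix is the deployment reality the lecture's paper discussion is about: a filter can only reject what a registry positively contradicts, so coverage of the address space decides how much an origin check buys you.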
Path-Shortening Attacks
• Remove ASes from the AS path
  – E.g., turn “701 3715 88” into “701 88”
• Motivations
  – Make the AS path look shorter than it is
  – Attract sources that normally try to avoid AS 3715
  – Help AS 88 look like it is closer to the Internet’s core
• Who can tell that this AS path is a lie?
  – Maybe AS 88 *does* connect to AS 701 directly
[Figure: ASes 701, 3715 and 88, with a “?” on a possible direct 701–88 link]
Attacks that Add a Bogus AS Hop
• Add ASes to the path
  – E.g., turn “701 88” into “701 3715 88”
• Motivations
  – Trigger loop detection in AS 3715
    – Denial-of-service attack on AS 3715
    – Or, blocking unwanted traffic coming from AS 3715!
  – Make your AS look like it has richer connectivity
• Who can tell the AS path is a lie?
  – AS 3715 could, if it could see the route
  – AS 88 could, but would it really care as long as it received data traffic meant for it?
[Figure: ASes 701 and 88]
Violating “Consistent Export” to Peers
• Peers require consistent export
  – Prefix advertised at all peering points
  – Prefix advertised with same AS path length
• Reasons for violating the policy
  – Trick neighbor into “cold potato”
  – Configuration mistake
• Main defense
  – Analyzing BGP updates
  – … or data traffic
  – … for signs of inconsistency
[Figure: src and dest separated by a “Bad AS”; the data path and the BGP-advertised path differ]
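As an added example (not from the slides) of the “analyzing BGP updates” defense, the Go program below takes the peering points shared with a peer and the updates our border routers received from it, and flags the two consistent-export violations from the first bullet: a prefix the peer withholds at some peering point, and a prefix advertised with differing AS path lengths. Peer AS 64500, the peering-point names and the updates are constructed; the prefixes are documentation ranges.

```go
package main

import (
	"fmt"
	"sort"
)

// Update records what one of our border routers learned from a peer at a
// given peering point: the prefix and the AS path length it was advertised with.
type Update struct {
	Peer    int
	Point   string // peering location, e.g. an exchange or PoP name
	Prefix  string
	PathLen int
}

// Inconsistencies checks consistent export for each (peer, prefix) pair
// against the peering points we share with that peer: a prefix must be
// advertised at every point, and with the same AS path length everywhere.
func Inconsistencies(points map[int][]string, updates []Update) []string {
	type key struct {
		peer   int
		prefix string
	}
	seen := map[key]map[string]int{} // (peer, prefix) -> point -> path length
	for _, u := range updates {
		k := key{u.Peer, u.Prefix}
		if seen[k] == nil {
			seen[k] = map[string]int{}
		}
		seen[k][u.Point] = u.PathLen
	}
	var findings []string
	for k, byPoint := range seen {
		lengths := map[int]bool{}
		for _, pt := range points[k.peer] {
			l, ok := byPoint[pt]
			if !ok {
				findings = append(findings, fmt.Sprintf("AS %d: %s not advertised at %s", k.peer, k.prefix, pt))
				continue
			}
			lengths[l] = true
		}
		if len(lengths) > 1 {
			findings = append(findings, fmt.Sprintf("AS %d: %s advertised with %d different path lengths", k.peer, k.prefix, len(lengths)))
		}
	}
	sort.Strings(findings) // map iteration order is random; make the report stable
	return findings
}

// SampleFindings runs the check over constructed updates from one peer seen
// at two peering points (NYC and SJC).
func SampleFindings() []string {
	points := map[int][]string{64500: {"NYC", "SJC"}}
	updates := []Update{
		{64500, "NYC", "203.0.113.0/24", 2},
		{64500, "SJC", "203.0.113.0/24", 2}, // consistent: both points, same length
		{64500, "NYC", "198.51.100.0/24", 2},
		{64500, "SJC", "198.51.100.0/24", 4}, // longer path at SJC pulls our traffic to the NYC exit ("cold potato")
		{64500, "NYC", "192.0.2.0/24", 3},    // never advertised at SJC
	}
	return Inconsistencies(points, updates)
}

func main() {
	for _, f := range SampleFindings() {
		fmt.Println(f)
	}
}
```

In practice the same comparison is run on the full AS path rather than its length alone, and a finding is a prompt to check the data path (the slide's “… or data traffic”), since a prepended or withheld route may also be a configuration mistake.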
Other Attacks
• Attacks on BGP sessions
  – Confidentiality of BGP messages
  – Denial-of-service on BGP session
  – Inserting, deleting, modifying, or replaying messages
• Resource exhaustion attacks
  – Too many IP prefixes (e.g., BGP “512K Day”)
  – Too many BGP update messages
• Data-plane attacks
  – Announce one BGP route, but use another
Improving BGP Security
Solution Techniques
• Protective filtering – Know your neighbors
• Anomaly detection – Suspect the unexpected
• Checking against registries – Establish ground truth for prefix origination
• Signing and verifying – Prevent bogus AS PATHs
• Data-plane verification – Ensure the path is actually followed
Route Attestations in Secure BGP
Public Key Infrastructure
If AS a announced path a b P, then b announced path b P to a.
Public Key Signature: Anyone who knows IBM’s public key can verify the message was sent by IBM.
[Figure: ASes IBM, AT&T, Comcast, Local ISP and Princeton; each AS signs the path it announces: Comcast: (IBM); Local: (Comcast, IBM); Princeton: (Local, Comcast, IBM)]
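Added example, neither the slides' code nor S-BGP's actual message format: a Go model of route attestations with real Ed25519 signatures, showing how the rule “if a announced a b P, then b announced b P to a” defeats the three path manipulations from the Bogus AS Paths, Path-Shortening and Bogus AS Hop slides. Each AS signs (prefix, path from itself to the origin, neighbor it sends to), and the receiver checks every hop's signature, path suffix and addressee. The `Attestation`, `PKI`, `Announce` and `Verify` names, the receiving AS 64512 and the documentation prefix 192.0.2.0/24 are my assumptions; AS 3 is taken as the origin of 18.0.0.0/8 as on the earlier slide. Address attestations (who owns the prefix) are not modelled here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"strings"
)

// Attestation is one AS's signed claim: "I announced Prefix with AS path
// Path (me first, origin last) to neighbor Recipient". Path[0] is the signer.
type Attestation struct {
	Prefix    string
	Path      []int
	Recipient int
	Sig       []byte
}

// Message is the canonical byte string the signature covers.
func (a Attestation) Message() []byte {
	hops := make([]string, len(a.Path))
	for i, as := range a.Path {
		hops[i] = fmt.Sprint(as)
	}
	return []byte(a.Prefix + "|" + strings.Join(hops, " ") + "|" + fmt.Sprint(a.Recipient))
}

// PKI maps AS number to public key (in S-BGP, certificates chained to the
// address and AS registries). Private keys never leave the AS.
type PKI map[int]ed25519.PublicKey

type AS struct {
	Num  int
	priv ed25519.PrivateKey
}

func NewAS(num int, pki PKI) *AS {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	pki[num] = pub
	return &AS{Num: num, priv: priv}
}

// Announce takes the attestation chain received for prefix (nil when this
// AS is the origin), prepends itself to the path, signs a new attestation
// addressed to neighbor, and returns the extended chain (origin first).
func (a *AS) Announce(prefix string, received []Attestation, neighbor int) []Attestation {
	path := []int{a.Num}
	if len(received) > 0 {
		path = append(path, received[len(received)-1].Path...)
	}
	att := Attestation{Prefix: prefix, Path: path, Recipient: neighbor}
	att.Sig = ed25519.Sign(a.priv, att.Message())
	return append(append([]Attestation{}, received...), att)
}

// Verify checks a chain received by AS me for prefix: hop i must have signed
// exactly the path suffix from itself to the origin, addressed to the next AS
// toward us, with a signature that checks under its registered key.
func Verify(pki PKI, chain []Attestation, prefix string, me int) error {
	if len(chain) == 0 {
		return fmt.Errorf("no attestations")
	}
	full := chain[len(chain)-1].Path
	n := len(full)
	if len(chain) != n {
		return fmt.Errorf("path has %d hops but %d attestations", n, len(chain))
	}
	for i, att := range chain {
		next := me
		if i < n-1 {
			next = full[n-2-i]
		}
		want := Attestation{Prefix: prefix, Path: full[n-1-i:], Recipient: next}
		if string(att.Message()) != string(want.Message()) {
			return fmt.Errorf("hop %d: attested %q, expected %q", i, att.Message(), want.Message())
		}
		pub, ok := pki[att.Path[0]]
		if !ok || !ed25519.Verify(pub, att.Message(), att.Sig) {
			return fmt.Errorf("hop %d: bad signature from AS %d", i, att.Path[0])
		}
	}
	return nil
}

// Scenarios builds the honest chains and the three forgeries from the slides
// and reports which of them verify at a constructed receiving AS.
func Scenarios() map[string]bool {
	pki := PKI{}
	as3, as88, as701, as3715 := NewAS(3, pki), NewAS(88, pki), NewAS(701, pki), NewAS(3715, pki)
	const me = 64512                               // constructed receiver (private ASN)
	const mit, doc = "18.0.0.0/8", "192.0.2.0/24" // slide prefix; documentation prefix for AS 88
	ok := func(prefix string, c []Attestation) bool { return Verify(pki, c, prefix, me) == nil }
	res := map[string]bool{}
	// Honest "701 3": AS 3 announces to 701, 701 to us.
	fromMIT := as3.Announce(mit, nil, 701)
	res["honest 701 3"] = ok(mit, as701.Announce(mit, fromMIT, me))
	// Bogus AS path: AS 88 never heard from AS 3 but appends it anyway,
	// replaying the attestation AS 3 signed for AS 701. Path "701 88 3".
	res["bogus 701 88 3"] = ok(mit, as701.Announce(mit, as88.Announce(mit, fromMIT, 701), me))
	// Path shortening: true path "701 3715 88"; AS 701 drops 3715.
	from88 := as88.Announce(doc, nil, 3715)
	res["honest 701 3715 88"] = ok(doc, as701.Announce(doc, as3715.Announce(doc, from88, 701), me))
	res["shortened 701 88"] = ok(doc, as701.Announce(doc, from88, me))
	// Bogus hop: AS 88 really announced straight to 701; 701 inserts 3715
	// with a made-up signature. Path "701 3715 88".
	fake := Attestation{Prefix: doc, Path: []int{3715, 88}, Recipient: 701, Sig: make([]byte, ed25519.SignatureSize)}
	res["inserted 701 3715 88"] = ok(doc, as701.Announce(doc, append(as88.Announce(doc, nil, 701), fake), me))
	return res
}
```

Calling `Scenarios()` returns true for the two honest chains and false for the three forgeries. Note what fails each one: the replayed attestation is addressed to AS 701, not AS 88; the shortened path has AS 88's attestation addressed to AS 3715, not AS 701; and the inserted hop has no signature from AS 3715 at all. The per-hop addressee is what turns “b announced b P to a” into something a third party can check.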
Discussion of the Paper
BGP Security in Partial Deployment