Why do we need network security?
May parts of the internet are susceptible to attacks
- Routing (BGP)
- Naming (DNS) - Reflection, Phishing
What is “Reflection”?
A way of generating a very large amount of traffic directed toward a victim (DDoS)
What is “Phishing”?
An attacker exploits the DNS to trick the user into revealing information
Which design choices of the internet has made it vulnerable to attacks?
- Designed for simplicity
- “on by default”.
- Hosts are insecure
- Attacks can look like “normal” traffic
- Federated design - because it’s run by thousands of coordinated networks, it’s hard to have a common method of defense
Which make the internet design fundamentally insecure? A: On by default B: IP Addresses are easy to guess C: Attacks look like normal traffic D: Federation
A, C, D
What are resource exhaustion attacks ?
In a packet switch network, resources are not reserved and packets are self containment. Every packet has a destination IP address, and each packet travels independently to the destination host. In a packet switch network, a link may be shared by multiple senders at any given time, using statistical multiplexing
A large number of senders can overload a network resource, such as a node or a link. Note that circuit switch networks like the phone network do not have this problem because every connection effectively has allocated, dedicated resources. For that particular connection until it is terminated. So this problem that an attacker who sends allot of traffic might exhaust resources is unique to a packet switched network environment.
What are the components of security?
Availability: ability to use a resource
Confidentiality: concealing information
Authenticity: assures the origin of information
Integrity: prevent unauthorized changes
An attack on confidentiality
Eavesdropping (packet sniffing)
An attack on authenticity
Interception and modification of packets, or a “man in the middle” attack.
A denial of service attack is an attack on what?
1: availability
2: confidentiality
3: Authenticity
4: Integrity
1 availability
What are the negative impacts of attacks?
Theft of confidential info
Unauthorized use
False information
Disruption of service
What is the goal of control plane security/authentication?
To determine the veracity of routing advertisements
What are the aspects of the routing protocol which we seek to verify?
- Session authentication, which protects the point-to-point communication between routers
- Path authentication, which protects the AS path, and sometimes other attributes.
- Origin authentication, which protects the origin AS in the AS path. This promises that the AS which advertises a prefix is, in fact, the own of that prefix.
A route hijack is an attack on which of the following forms of authentication?
- Session: point-to-point between routers
- Path: protects AS path
- Origin: ensure that AS advertising prefix is the owner
- A route hijack is an attack on the origin authentication, because the AS advertising a prefix, is not the actual owner of the prefix.
how do attacks on routing happen in the first place?
A. The router could be simply be misconfigured.
B. A router may be compromised by an attacker. When this happens the attacker can reconfigure the router.
C. Unscrupulous ISPs might also decide to advertise routes they should not be advertising
What are the means of attacks on routing?
A. May reconfigure the router, which is the most common way
B. Tamper with software
C. Temper with routing data
Most common attack is a “route hijack” on origin authentication
What is Route poisoning?
a method that prevents a certain network from sending data packets to a path destination that has already become invalid. This is done when a distance vector routing protocol sees an invalid route or one with large routing loops.
How can an attacker’s network hide from a trace-route sent by the origin AS?
if the routers in the attacker’s network never decrement the TTL, then no time exceeded messages would be generated by routers in the AS. Therefore the traceroute would never show AS
What is Session Authentication?
It is a method that attempts to ensure that BGP routing messages sent between routers of AS’s are authentic.
This is easier than it appears, because the session is a TCP session. We do this by using TCP’s MD5 authentication option
What is “Secure BGP”, or BGPSEC?
a proposal to modify the existing border gateway protocol to add signatures to various parts of the route advertisement.
1. origin attestation, which is a certificate that binds the IP prefix to the organization/owner. Must be signed by trusted party
- Path Attestation: Signatures along AS path
What is “Path attestation”?
Watch 14.16 (5 min)
What can “path attestations” defend against?
- Some hjacks
- Path shortening attacks
- Modification of the AS path
What cannot path attestations defend against?
- Suppression (if AS fails to advertise)
- Replay attacks, such as premature re-advertisement of a withdrawn route.
- No way to guarantee that data traffic travels along the advertised AS path, which is a significant weakness of DGP, and yet to be solved by any routing protocol.
What does the architecture of DNS look like?
Observe figure in 14.17
