Scribd Logo
Upload

Welcome to Scribd!

  • Stealth Probing: Efficient Data-Plane Security For IP Routing

    Uploaded by

    Hema latha
    14 views30 pages
    This document proposes a technique called "stealth probing" to securely monitor routing fabric availability in the presence of data plane adversaries. It works by encrypting and tunneling both data and probing traffic to make them indistinguishable to adversaries. This prevents selective targeting of probes. The document also describes how stealth probing can be used for intradomain fault localization via "Byzantine tomography" and interdomain path validation through "secure route control". Overall, the key idea is to conceal probing traffic to detect data plane disruptions while preventing preferential treatment of traffic by adversaries.

    Original Description:

    Original Title

    stealth062.ppt

    Copyright

    © © All Rights Reserved

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document proposes a technique called "stealth probing" to securely monitor routing fabric availability in the presence of data plane adversaries. It works by encrypting and tunneling both data and probing traffic to make them indistinguishable to adversaries. This prevents selective targeting of probes. The document also describes how stealth probing can be used for intradomain fault localization via "Byzantine tomography" and interdomain path validation through "secure route control". Overall, the key idea is to conceal probing traffic to detect data plane disruptions while preventing preferential treatment of traffic by adversaries.

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    14 views30 pages

    Stealth Probing: Efficient Data-Plane Security For IP Routing

    Uploaded by

    Hema latha
    This document proposes a technique called "stealth probing" to securely monitor routing fabric availability in the presence of data plane adversaries. It works by encrypting and tunneling both data and probing traffic to make them indistinguishable to adversaries. This prevents selective targeting of probes. The document also describes how stealth probing can be used for intradomain fault localization via "Byzantine tomography" and interdomain path validation through "secure route control". Overall, the key idea is to conceal probing traffic to detect data plane disruptions while preventing preferential treatment of traffic by adversaries.

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 30

    Stealth Probing: Efficient Data-

    Plane Security for IP Routing


    Ioannis Avramopoulos
    Princeton University

    Joint work with Jennifer Rexford


    Hosts vis-à-vis Routers
    (Attacks against Availability)
    Routing Fabric
    (Routing Protocols)
    Routing Fabric
    (Data Forwarding)
    Attacks against the Routing Fabric
    (Breaking Perimeter Defense)

    AS: Autonomous
    System
    AS1
    Perimeters can be AS2
    broken because of:
    Disgruntled network
    operators

    Password guessing AS0


    Exploits of the OS

    AS4
    AS3
    Attacks against the Routing Fabric
    (Routing Protocol Attacks and Defenses)
    • These attacks game the routing state by
    falsifying routing protocol messages
    • Falsifications come in two flavors:
    – Modification of en-route protocol messages
    – Collusion (or wormhole) attacks

    • Secure routing protocols protect from the


    modification of protocols messages
    – They do not protect from wormholes
    – They do not verify forwarding behavior
    Limitation of Secure Routing Protocols
    (Data-Plane Adversary)

    DATA DATA DATA


    Attacks against the Routing Fabric
    (Data-Plane Attacks)
    • Link layer disruption
    – Physical layer attacks
    – Medium access control layer attacks
    • Network layer disruption
    – Packet loss
    – Packet modification
    – Packet delay
    – Packet deflection
    • Transport layer disruption
    – Attacks against the congestion control mechanism
    Securing the Routing Fabric
    (Defending against Data-Plane Attacks)
    • Availability monitoring
    – Easy for the traffic source
    – Difficult from within the network
    • Fault localization
    – Beaconing and traceroute egregiously fail in
    adversarial networks
    – In adversarial networks, fault localization is
    difficult but necessary
    Overview
    • Introduction
    • Stealth Probing
    • Intradomain Deployment -- Byzantine
    Tomography
    • Interdomain Deployment -- Secure Route
    Control
    • Related Work
    • Conclusion
    Availability Monitoring
    (Problem Formulation)
    Naïve Solutions
    • Probing (e.g., ping)
    • Cumulative network-layer ACKs
    • Transport-layer ACKs

    ingress egress
    Stealth Probing
    (Approach)
    • Prevent the adversary from preferentially
    treating probing traffic by making data
    and probing traffic indistinguishable
    • Three steps
    1. Create an encrypted tunnel and divert both data
    and probing traffic in the tunnel
    2. Match the size of probing traffic with that of the
    data traffic
    3. Obscure the timing of probes
    Stealth Probing
    (Approach---continued)

    ingress router egress router


    Stealth Probing
    (Approach---continued)

    ingress router egress router


    Stealth Probing
    (Primary Benefits)
    • Non-intrusive (low overhead)
    • Detects “delay attacks” (by measuring the
    round-trip-times of probing traffic)
    • Prevents selective low-rate attacks that
    target individual IP addresses (by hiding
    the source and destination IP addresses of
    data traffic)
    • Mitigates attacks that exploit TCP (by
    making the TCP mechanism “opaque”)
    Stealth Probing
    (Secondary Benefits)
    • Encryption protects unencrypted host-to-
    host communications
    • Fate-sharing between data traffic and
    probes is broadly useful in network
    troubleshooting
    • Tunnels are useful in traffic engineering
    Overview
    • Introduction
    • Stealth Probing
    • Intradomain Deployment -- Byzantine
    Tomography
    • Interdomain Deployment -- Secure Route
    Control
    • Related Work
    • Conclusion
    Basic idea
    • Fault localization without overburdening
    the data plane:
    – Terminal nodes monitor path availability
    – Terminal nodes disclose faulty paths to a
    designated network entity
    – This entity “triangulates” adversarial nodes
    and links from the collection of faulty paths
    Byzantine Tomography
    (Model)
    Byzantine Tomography
    Solves
    (Approach)
    Minimum
    Hitting Set
    Byzantine Tomography
    (Basic Property)
    • Output from Byzantine tomography is not
    always accurate
    • However, accuracy increases as fault
    knowledge expands
    • Therefore, the higher the adversary’s
    impact, the more likely it is that the
    adversary will be correctly detected
    Overview
    • Introduction
    • Stealth Probing
    • Intradomain Deployment -- Byzantine
    Tomography
    • Interdomain Deployment -- Secure
    Route Control
    • Related Work
    • Conclusion
    Secure Route Control
    AS B (Stub)

    Provider Provider
    Provider

    Provider Provider

    AS A (Stub)
    Secure Route Control (cont.)
    AS B (Stub)

    Provider Provider
    Provider

    Provider Provider

    AS A (Stub)
    Overview
    • Introduction
    • Stealth Probing
    • Intradomain Deployment -- Byzantine
    Tomography
    • Interdomain Deployment -- Secure Route
    Control
    • Related Work
    • Conclusion
    Related Work
    • Perlman proposed encryption to make data and control
    traffic indistinguishable
    – Perlman proposed encryption at network links
    – We extend this idea to network paths
    • Mizrak et al. proposed Fatih as a secure data-plane
    availability monitor
    – Fatih requires clock synchronization
    – Stealth probing does not rely on clock synchronization
    • Several researchers have proposed data-plane
    mechanisms for secure fault localization
    – Byzantine tomography is a management-plane technique
    Conclusion (1)
    • Resilience was a top priority in the design of the
    operational Internet but the threat model was
    naïve (vis-à-vis today’s attacks)
    • In future networks, we should expect to see
    – better perimeter defense and
    – in-depth defense
    • secure routing protocols
    • secure data forwarding
    • Stealth probing is a secure availability monitor
    that works by concealing probing traffic
    Conclusion (2)
    • We presented deployment scenarios of this
    monitor in
    – Intradomain routing and
    – Interdomain routing
    • Our ongoing work focuses on … :
    – Intradomain case: … improving the accuracy of
    Byzantine tomography
    – Interdomain case: … investigating the benefits of
    more flexible interdomain path selection schemes
    Thank you

    Questions

    You might also like