
Or Routing is as Insecure as the Rest of the Flippin’ Internet, but it’s Scarier



  1. This Space Intentionally Left Blank to Hold Space Just in Case Routing Security Appears
     Or Routing is as Insecure as the Rest of the Flippin’ Internet, but it’s Scarier
     Steven M Bellovin <smb@cs.columbia.edu>
     Randy Bush <randy@psg.com>
     Rossella Mattioli <rossella.mattioli@enisa.europa.eu>
     150302.dagstuhl Creative Commons: Attribution-NonCommercial-ShareAlike

  2. What are the Assets?
     • Traffic Content
     • Meta-Data

  3. Infrastructure Assets
     p5 of ENISA’s Threat Landscape and Good Practice Guide for Internet Infrastructure

  4. What are the Threats?
     • Traffic Content Inspection
     • Traffic Content Modification
     • Traffic Injection
     • Traffic Analysis
     These are all Attacks on the Data Plane by Manipulating the Control Plane

  5. ENISA Threat Landscape Report
     http://www.enisa.europa.eu/activities/risk-management/evolving-threat-environment/iitl
     European Union Agency for Network and Information Security www.enisa.europa.eu

  6. Current Internet infrastructure threats

     | Threat groups     | Threat types                         | Trends     |
     |-------------------|--------------------------------------|------------|
     | Routing Threats   | Nefarious Activity/Abuse             | Increasing |
     | Routing Threats   | Eavesdropping/Interception/Hijacking | Increasing |
     | DNS Threats       | Nefarious Activity/Abuse             | Decreasing |
     | Denial of Service | Nefarious Activity/Abuse             | Increasing |
     | Generic Threats   | Physical attack                      | N/A        |
     | Generic Threats   | Damage/Loss                          | Increasing |
     | Generic Threats   | Failures/Malfunctions                | Increasing |
     | Generic Threats   | Nefarious activity/Abuse             | Increasing |
     | Generic Threats   | Eavesdropping/Interception/Hijacking | Increasing |

  7. Who is Attacking?
     • Financial (traffic content and diversion)
     • Nation State (traffic content and analysis, diversion, modification)
     • Revenge/Extortion (DDoS)
     • Spammers (address space misappropriation)

  8. Where are They Attacking?
     • External Infrastructure (IRR, Whois, RPKI)
     • Gaming Well-Implemented Routing Protocols
     • Routing Protocol Weakness
     • Router Hardware & Software (NSA Implants)
     • Circuits (Fiber & Cable Taps)
     Label on the slide: We Focus Here

  9. Internet Routing is Not a Disaster Waiting to Happen
     It is a Disaster Happening Every Day

  10. And This Has Been Going on for Two Decades
      Mis-Originations
      • 7007 Incident
      • 128/9
      • YouTube/Pakistan
      • 61.0.0.0/8 originated by spamming AS4678 for two years
      • d000::/8 originated by spamming AS28716 for two months
      Path Attacks
      • L0pht in 1998
      • Amazon/BitCoin
      • Capela/Pilosov
      Mind Your Blocks: On the Stealthiness of Malicious BGP Hijacks – Vervier, Thonnard, & Dacier

  11. Constraints on Cure
      • Compatible
      • Low Cost to Deploy
      • Does not Increase Operator Risk
      • Does not Increase Competitive Exposure
      • Vendors Need to See Demand & Profit
      • Operators Need to See Demand & Profit
      • Users Need to See Benefit

  12. Lessons of IPv6
      • Product of Committee Compromise
      • Not Backward Compatible
      • Producing 300 Transition Mechanisms
      • Not Backward Compatible
      • Second System Syndrome (featuritis)
      • Not Backward Compatible
      • High Migration Cost to Vendors & Operators
      • Not Backward Compatible
      • Finger-Pointing (vendors, operators, …)

  13. Why RPKI-Based Origin Validation Happened
      • Runs on Existing Hardware
      • Very Low Cost for Operators to Deploy
      • Deployable Without Coordination
      • Designed by a Small Cabal of Security, Crypto, Routing, Ops, Vendors
      • Vendors Did Us a Favor and Implemented

  14. RIPE >2,700 New Reg UI LACNIC >450 ARIN 388
