Date posted: 21-Dec-2015
Efficient and Secure Source Authentication with Packet Passports
Xin Liu (UC Irvine), Xiaowei Yang (UC Irvine)
David Wetherall (Univ. of Washington), Thomas Anderson (Univ. of Washington)
Outline
Motivation
Design
  High-Level Idea
  Challenges and Solutions
Feasibility Analysis
Related Work
Summary
Denial-of-Service (DoS) Flooding Attack
[Figure: attack traffic flooding a victim]
This type of attack is prevailing: Yahoo was knocked down in Feb 2000; online extortion.
General Approaches to Combat DoS Flooding Attacks
Preventive: prevent DoS attacks from happening. Capability System [Anderson03, Yaar04, Yang05], Ticket System [Patel97].
Reactive: eliminate DoS attacks after they cause damage. Filtering.
Our next step is to compare the two and pick the winner.
Filtering is Difficult
[Figure: filters being installed in the network]
Filtering: by default, all traffic is allowed to pass; the victim requests to install filters to remove attack traffic.
Challenges: installing filters close to the attack sources; describing attack traffic in the filter description. Any field of a packet can be forged, including the source IP address.
Authentic Source Identifier Can Help
Advantages: showing where a packet comes from; serving as a traffic descriptor in filters.
Source IP address is not verifiable: it cannot be trusted unless spoofing is totally eliminated. Routers may be compromised.
[Figure: filters "SrcID=X" and "SrcID=Y" matching packets labelled SrcID=X and SrcID=Y]
Outline
Motivation
Design
  High-Level Idea
  Challenges and Solutions
Feasibility Analysis
Related Work
Summary
Our Solution: Packet Passport System
[Figure: IP packet layout: IP Header | Passport | Payload]
Goal of a passport: providing an authentic source identifier that routers can verify independently at packet forwarding time.
Requirements
A passport must be: unforgeable; efficient to generate and verify (a digital signature is computationally expensive).
The packet passport system must: bootstrap with minimum out-of-band communication; be robust against DoS attacks.
High Level Idea
[Figure: source A sends an IP packet through router R to destination B. A holds K(A,R) and K(A,B); R holds K(A,R) and K(R,B); B holds K(A,B) and K(R,B). The passport inside the IP packet carries the source identifier A followed by one MAC per downstream node: R: MAC_R, B: MAC_B.]
MAC_R = MAC_K(A,R)(A, R, B, SrcIP, DstIP, ...)
MAC: Message Authentication Code. K(X,Y): symmetric key shared between two nodes X and Y.
Source Identifier: the A field of the passport.
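The hop-by-hop MAC scheme above, as an added example that is not code from the original slides: a source A builds a passport with one MAC per downstream node (R and B), each keyed by the pairwise secret K(A, node), and each node verifies only its own MAC. The keys, the addresses and the choice of HMAC-SHA256 truncated to 8 bytes are assumptions made for the example.

```python
import hashlib
import hmac

# Constructed pairwise keys K(X,Y). Real keys come from the key-distribution
# step the deck describes later; these toy values exist only for the example.
KEYS = {
    ("A", "R"): b"constructed-key-A-R",
    ("A", "B"): b"constructed-key-A-B",
    ("R", "B"): b"constructed-key-R-B",
}


def shared_key(x, y):
    """K(X,Y) is symmetric, so look the pair up in either order."""
    return KEYS[(x, y)] if (x, y) in KEYS else KEYS[(y, x)]


def passport_mac(key, src, path, src_ip, dst_ip):
    """MAC_node = MAC_{K(src,node)}(src, path..., SrcIP, DstIP).
    Every node MACs the same fields; only the key differs per node.
    HMAC-SHA256 truncated to 8 bytes stands in for the deck's generic MAC."""
    msg = "|".join([src, *path, src_ip, dst_ip]).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


def generate_passport(src, path, src_ip, dst_ip):
    """Source `src` computes one MAC per downstream node using K(src,node)."""
    return {
        "src": src,
        "path": list(path),
        "macs": {node: passport_mac(shared_key(src, node), src, path, src_ip, dst_ip)
                 for node in path},
    }


def verify_at(node, passport, src_ip, dst_ip):
    """A node recomputes only its own MAC; it needs no key but K(src,node)."""
    src = passport["src"]
    expected = passport_mac(shared_key(src, node), src, passport["path"], src_ip, dst_ip)
    return hmac.compare_digest(expected, passport["macs"][node])


def forward_along_path(passport, src_ip, dst_ip):
    """Each node on the path verifies independently; returns per-node verdicts."""
    return {node: verify_at(node, passport, src_ip, dst_ip) for node in passport["path"]}


def demo():
    src_ip, dst_ip = "10.1.0.7", "10.3.0.9"   # constructed addresses
    path = ["R", "B"]
    good = generate_passport("A", path, src_ip, dst_ip)
    genuine = forward_along_path(good, src_ip, dst_ip)
    # Someone claiming to be A without K(A,R) or K(A,B) can only guess a key.
    forged = {"src": "A", "path": path,
              "macs": {n: passport_mac(b"guess", "A", path, src_ip, dst_ip) for n in path}}
    spoofed = forward_along_path(forged, src_ip, dst_ip)
    # A genuine passport attached to a packet with a different SrcIP also fails,
    # because SrcIP is covered by the MAC.
    rewritten = forward_along_path(good, "10.9.9.9", dst_ip)
    return genuine, spoofed, rewritten
```

Each node checks one MAC with one key, which is why the verification cost stays at one MAC computation per hop and why a compromised router elsewhere on the path cannot mint a passport that another router will accept.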
Challenges
Scalability: too many keys; path in passport too long.
How to establish secret keys: bootstrapping key distribution messages cannot contain passports; key distribution messages may be dropped due to DoS attacks.
Packets with valid passports may be replayed to launch DoS attacks.
Two-Level Hierarchy for Scalability
[Figure: host A in AS1 sends to host B in AS3 through AS2, across routers R1 to R6. AS1 holds K(AS1,AS2) and K(AS1,AS3); AS2 holds K(AS1,AS2) and K(AS2,AS3); AS3 holds K(AS1,AS3) and K(AS2,AS3). The passport carries an intra-domain identifier for A, the source domain AS1, and one MAC per downstream domain: AS2: MAC2, AS3: MAC3.]
Limitation of Two-Level Hierarchy
Only the source domain can verify intra-domain identifiers. Filters may not be effective when the source domain forges arbitrary intra-domain identifiers. Counter-measure: blocking the source domain.
Implementation of Intra-domain Identifier is Flexible
Each domain can implement the intra-domain identifier in its own way: the source IP address (if source spoofing is prevented inside the domain), or a message authentication code.
Key Distribution via BGP
[Figure: AS1 (prefix 10.1.0.0/16) and AS2 (prefix 10.2.0.0/16) are eBGP neighbours. AS1 keeps a private r_AS1 and carries d_AS1 in Prefix Announcement 1 for 10.1.0.0/16; AS2 keeps a private r_AS2 and carries d_AS2 in Prefix Announcement 2 for 10.2.0.0/16.]
d_ASi = g^(r_ASi) mod p
K(AS1,AS2) = (d_AS2)^(r_AS1) mod p = (d_AS1)^(r_AS2) mod p
Diffie-Hellman Key Exchange
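The exchange drawn above as an added example (not code from the original slides): each domain picks a private r_AS, publishes d_AS = g^(r_AS) mod p inside its prefix announcement, and derives its key with a peer from the peer's d_AS alone, so no extra round trip is needed. The prime p and generator g are toy values chosen for the example, not a real DH group (a deployment would use a standard MODP group), and the signature on d_ASi from the "Securing Key Distribution" slide is not modelled here.

```python
import hashlib
import secrets

# Toy Diffie-Hellman parameters, constructed for this example only.
P = 2**127 - 1      # prime, but far too small for real use
G = 3


class Domain:
    """One AS: keeps its private exponent r_AS and publishes d_AS = g^(r_AS) mod p."""

    def __init__(self, asn, prefix):
        self.asn = asn
        self.prefix = prefix
        self.r = secrets.randbelow(P - 2) + 1    # private r_AS, never leaves the domain
        self.d = pow(G, self.r, P)               # public d_AS, carried in the announcement
        self.peer_keys = {}                      # peer asn -> K(self, peer)

    def prefix_announcement(self):
        """The prefix announcement, with d_AS in an optional transitive attribute
        (modelled as a dict; the real BGP encoding is not shown on the slides)."""
        return {"origin_as": self.asn, "prefix": self.prefix, "passport_dh": self.d}

    def learn(self, announcement):
        """On a peer's announcement, derive K(self,peer) = (d_peer)^(r_self) mod p."""
        peer = announcement["origin_as"]
        shared = pow(announcement["passport_dh"], self.r, P)
        # Hash the group element down to a fixed-size MAC key (assumed key derivation).
        self.peer_keys[peer] = hashlib.sha256(shared.to_bytes(16, "big")).digest()
        return self.peer_keys[peer]


def exchange(a, b):
    """Both sides announce; each derives the pairwise key from the other's d_AS."""
    k_ab = a.learn(b.prefix_announcement())
    k_ba = b.learn(a.prefix_announcement())
    return k_ab == k_ba


def demo():
    as1 = Domain(1, "10.1.0.0/16")
    as2 = Domain(2, "10.2.0.0/16")
    as3 = Domain(3, "10.3.0.0/16")       # constructed third domain
    # Announcements reach every domain; each pair ends up with its own key.
    same12 = exchange(as1, as2)
    same13 = exchange(as1, as3)
    distinct = as1.peer_keys[2] != as1.peer_keys[3]
    return same12, same13, distinct
```

Because d_AS travels with the prefix announcement, the key material reaches every domain that receives the route, which is what lets non-adjacent pairs such as AS1 and AS3 share a key without ever exchanging packets that would themselves need passports.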
Benefits of Key Distribution via BGP
Allowing key distribution to bootstrap: an eBGP session between adjacent domains can be authenticated without passports [RFC3682].
Robust against DoS flooding attacks: BGP is a closed system, so BGP traffic can get higher priority.
Supporting incremental deployment: d_ASi can be carried in an optional and transitive path attribute.
Securing Key Distribution
d_ASi is signed with ASi's private key.
ASi's public key is distributed like d_ASi.
ASi's public key is bound to ASi using the same mechanism that binds a prefix to a domain: reusing the PKI that secures routing (public key certification by CAs).
Preventing Replay Attack
Problem: attack traffic cannot be cut off.
[Figure: a compromised router between A and B replays A's packets; B concludes "Too much traffic from A! Block him!"]
Why is replay attack prevention difficult? Timestamp: requires time synchronization between domains. Sequence number: requires synchronization inside a domain.
Our Solution: Bloom Filter + Fast Re-keying
Bloom Filter to Detect Duplication
[Figure: a packet with ID=100 from AS1 traverses AS2, AS3 and AS4; each domain records (AS1,100) in its Bloom filter, so a second copy with ID=100 is caught as a duplicate.]
Limitation: a Bloom filter cannot remember a passport for a long time. 16Mb SRAM can "remember" 2.5Gbps traffic for 5 seconds with a false positive rate of 5.7×10^-6.
Fast Re-keying
[Figure: hash chain K(AS1,AS2) -> K1(AS1,AS2) -> ... -> K200(AS1,AS2) -> ... -> K1000(AS1,AS2); passports along AS1, AS2, AS3, AS4 carry the current key index (KeyIdx=200, KeyIdx=100).]
Km(AS1,AS2) = HASH^m(K(AS1,AS2))
Passport Verification Process
Receive a packet
  KeyIdx too large? Yes: discard/demote the packet. No: continue.
  MAC valid? No: discard/demote the packet. Yes: continue.
  Duplicate? Yes: discard/demote the packet. No: forward the packet.
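The flowchart as code, an added example rather than the authors' implementation: the verifier derives Km = HASH^m(K) as on the re-keying slide, then checks KeyIdx, the MAC and a Bloom filter in the flowchart's order, resetting its filter on every re-key to model the filter's limited memory. The shared secret, the per-packet id field, the index tolerance and the extra rejection of stale (too old) indices are assumptions of the example; the deck itself shows only the "too large" check.

```python
import hashlib
import hmac

# Constructed shared secret for the pair (AS1, AS2); real keys come from the
# BGP-based exchange on the earlier slides.
ROOT_KEY = b"constructed-K(AS1,AS2)"


def chain_key(root, m):
    """Km(AS1,AS2) = HASH^m(K(AS1,AS2)); m = 0 is the root secret itself."""
    k = root
    for _ in range(m):
        k = hashlib.sha256(k).digest()
    return k


class BloomFilter:
    """Small Bloom filter (m bits, k indices from one SHA-256), sized for the example."""

    def __init__(self, m_bits=4096, k=4):
        self.m, self.k = m_bits, k
        self.bits = bytearray(m_bits // 8)

    def _indices(self, item):
        h = hashlib.sha256(item).digest()
        return [int.from_bytes(h[4 * i:4 * i + 4], "big") % self.m for i in range(self.k)]

    def add(self, item):
        for i in self._indices(item):
            self.bits[i // 8] |= 1 << (i % 8)

    def __contains__(self, item):
        return all(self.bits[i // 8] & (1 << (i % 8)) for i in self._indices(item))


def _mac(key_idx, src_as, dst_as, src_ip, dst_ip, pkt_id):
    """MAC over the fields of the high-level slide plus a per-packet id (assumed to be
    among the '...' fields) so that two packets never share a passport."""
    msg = f"{src_as}|{dst_as}|{src_ip}|{dst_ip}|{pkt_id}".encode()
    return hmac.new(chain_key(ROOT_KEY, key_idx), msg, hashlib.sha256).digest()[:8]


def make_passport(key_idx, src_as, dst_as, src_ip, dst_ip, pkt_id):
    """Sender side (AS1): MAC under the current chain key, KeyIdx carried in clear."""
    return {"src_as": src_as, "dst_as": dst_as, "key_idx": key_idx,
            "mac": _mac(key_idx, src_as, dst_as, src_ip, dst_ip, pkt_id)}


class Verifier:
    """A router in AS2 running the three checks of the flowchart."""

    IDX_TOLERANCE = 1   # assumption: accept indices at most this far from our own

    def __init__(self, current_idx):
        self.current_idx = current_idx
        self.seen = BloomFilter()

    def rekey(self):
        """Fast re-keying: move to the next chain key. Resetting the filter models the
        Bloom filter forgetting packets older than its memory window."""
        self.current_idx += 1
        self.seen = BloomFilter()

    def check(self, passport, src_ip, dst_ip, pkt_id):
        idx = passport["key_idx"]
        if idx > self.current_idx + self.IDX_TOLERANCE:
            return "discard: KeyIdx too large"
        if idx < self.current_idx - self.IDX_TOLERANCE:
            return "discard: KeyIdx stale"      # added check, see lead-in
        expected = _mac(idx, passport["src_as"], passport["dst_as"], src_ip, dst_ip, pkt_id)
        if not hmac.compare_digest(expected, passport["mac"]):
            return "discard: MAC invalid"
        if passport["mac"] in self.seen:
            return "discard: duplicate"
        self.seen.add(passport["mac"])
        return "forward"


def demo():
    src_ip, dst_ip = "10.1.0.5", "10.2.0.8"     # constructed addresses
    v = Verifier(current_idx=200)
    p = make_passport(200, 1, 2, src_ip, dst_ip, pkt_id=100)
    first = v.check(p, src_ip, dst_ip, 100)                 # forwarded
    replay = v.check(p, src_ip, dst_ip, 100)                # same passport again
    ahead = make_passport(205, 1, 2, src_ip, dst_ip, 101)
    too_large = v.check(ahead, src_ip, dst_ip, 101)
    bad = v.check(dict(p, mac=bytes(8)), src_ip, dst_ip, 100)
    for _ in range(3):
        v.rekey()                                           # now at index 203
    stale = v.check(p, src_ip, dst_ip, 100)                 # filter has forgotten p
    return first, replay, too_large, bad, stale
```

The cheap KeyIdx comparison runs before the MAC so that a flood of packets carrying nonsense indices costs the router no MAC computations, and the Bloom filter only has to cover replays within one key period, which is what makes the 5-second memory of the feasibility slide sufficient.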
Supporting Incremental Deployment
Key distribution messages are wrapped in optional and transitive path attributes in prefix announcements.
Passport can be implemented as a shim layer.
The AS path in a passport only includes those domains that have deployed the packet passport system.
Incentives for Early Adoption
[Figure: AS1 and AS2 are passport-enabled; AS3 is not.]
No domain can spoof AS1's source identifier at AS2.
AS2 can filter DoS attack traffic from AS1.
AS1 can locate attack sources within itself.
Other Applications
Fair resource allocation; restricting/eliminating reflector attacks; deterring future attacks.
Feasibility Analysis
Practical with today’s hardware technology
Passport generation and validation: with UMAC, a commodity PC can generate 975K passports and verify 3.9M passports per second
Key distribution: computation, communication and storage cost almost negligible
Bloom filter: 16Mb SRAM can "remember" 2.5Gbps traffic for 5 seconds with a false positive rate of 5.7×10^-6
Related Work
Our key advantage: stronger authentication.
Source address validation (ingress/egress filtering, reverse path filtering, SAVE [Li02]): source address not verifiable.
Path as the identifier (Path Identifier [Yaar03], Active Internet Traffic Filtering [Argyraki05]): first portion of the path spoofable.
Authenticated Marking Scheme [Song01]: not verifiable at packet forwarding time.
Spoofing Prevention Method [Bremler-Barr05]: secret in plain text; secret distribution problematic.
TVA [Yang05], Ticket System [Patel97], Visa Protocol [Estrin89]: request channel vulnerable.
Summary
A packet passport efficiently and securely authenticates the source of a packet.
The system is incrementally deployable with incentives for early adoption.
The system is practical with today’s hardware technology.
Future Work: improvement to replay attack prevention; design and implementation of an automatic filtering system.
Packet Passport Format