Date post: 02-Jan-2016
Finding Vulnerable Network Gadgets in the Internet Topology

Author: Nir Amar

Supervisor: Dr. Gabi Nakibly

Background

The Internet is composed of some 50,000 autonomous systems (ASes).

An AS is a collection of networks and routers administered by a single authority, e.g., an ISP, a large corporation or a university.

Routing between different ASes is done with the Border Gateway Protocol (BGP).

BGP and Relationships

BGP exchanges network reachability information with other BGP systems.

Customer-Provider relation – the customer pays the provider for traffic on the link.

Peer-to-Peer relation – the link is intended only for traffic between the two neighbors and their customers.

Local Preference – prefer outgoing paths whose next hop is a customer over a peer, and a peer over a provider; among routes of the same class, prefer the shortest AS path, then apply tie-breaking.

Import, Routing and Export policies

Upon receiving a route update for a given set of subnets, an AS must decide whether to accept the update (import policy).

If the update is accepted, it must decide whether to use the proposed route (routing policy).

If the path is chosen for routing, it must determine whether to propagate the update to neighboring ASes (export policy).

How Secure are Secure Interdomain Routing Protocols?

Authors

Sharon Goldberg, Michael Schapira, Peter Hummon and Jennifer Rexford.

Intuitive attack – announce the shortest path and export it to all neighbors.

Counter-intuitive attacks:

Attract more by announcing longer paths.

Attract more by exporting to fewer neighbors.

Goal

Find gadgets (vulnerable sub-topologies) and the appropriate "smart / counter-intuitive" attacks on those gadgets using a software verification tool.

Attacking BGP

BGP Attacks Classification

Attraction – attract traffic to the attacker.

Interception – eavesdrop on or tamper with traffic before forwarding it on to the legitimate destination.

Quantifying the impact of attacks

Attraction – the intuitive strategy is shortest path, export all.

Interception – shortest path, export all, but the attacker must also keep connectivity to the destination.

[Figure: interception – traffic from Src passes through Middle before reaching Dst]

Overall Sequence

User parameters: topology and attack.

Simulate BGP using the software model.

Assert(Non-deterministic Attack < Intuitive Attack) – the verification tool searches for a violation of this assertion.

ExpiSat outputs a counter-intuitive attack (a counterexample to the assertion).
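The import/routing/export policies, the attraction and interception metrics, and the "simulate, then look for an attack that beats the intuitive one" sequence above can all be exercised on a toy topology. The following is an added example written for this page, not the author's software model or the ExpiSat harness. It implements the Gao-Rexford policy model (customer over peer over provider, then shortest path, then lowest next-hop AS number; customer-learned routes exported to everyone, other routes only to customers), computes how many ASes route through an attacker for a given announcement and whether the attacker keeps a real route to the victim, and replaces the tool's non-deterministic choice of attack with an exhaustive enumeration of short bogus paths. The topology, AS labels 1 to 9, and the function names are constructed for the example; they are not real AS numbers.

```python
import itertools
from collections import defaultdict

# Local-preference classes of the Gao-Rexford model: a route learned from a
# customer beats one from a peer, which beats one from a provider.
CUSTOMER, PEER, PROVIDER = 0, 1, 2


def build_topology(provider_edges, peer_edges):
    """Return rel[x][n] = relationship of neighbor n as seen from AS x."""
    rel = defaultdict(dict)
    for provider, customer in provider_edges:
        rel[customer][provider] = PROVIDER
        rel[provider][customer] = CUSTOMER
    for a, b in peer_edges:
        rel[a][b] = PEER
        rel[b][a] = PEER
    return dict(rel)


def exported(rel, best, announcements, src, dst):
    """Export policy: the AS-path that `src` advertises to neighbor `dst`, or None."""
    if src in announcements:                      # an originator (victim or attacker)
        path, export_to = announcements[src]
        return path if export_to is None or dst in export_to else None
    if src not in best:
        return None
    path, learned_from = best[src]
    # Customer-learned routes go to everyone; peer/provider-learned routes only to customers.
    if learned_from == CUSTOMER or rel[src][dst] == CUSTOMER:
        return path
    return None


def simulate(rel, victim, announcements, max_rounds=100):
    """Iterate import -> route selection -> export until no AS changes its route."""
    best = {}   # AS -> (AS-path to the victim's prefix, class of the neighbor it came from)
    for _ in range(max_rounds):
        new = {}
        for x in rel:
            if x == victim:
                continue
            candidates = []
            for n, cls in rel[x].items():
                offer = exported(rel, best, announcements, n, x)
                if offer is None or x in offer:   # import policy: drop looping paths
                    continue
                # Routing policy: local-pref class, then path length, then lowest next hop.
                candidates.append((cls, len(offer), n, offer))
            if candidates:
                cls, _, n, offer = min(candidates)
                new[x] = ((x,) + offer, cls)
        if new == best:
            return best
        best = new
    raise RuntimeError("routing did not converge")


def evaluate(rel, victim, attacker, bogus_path=None, export_to=None):
    """Attraction: ASes whose chosen path passes through the attacker.
    Interception additionally needs the attacker to keep a genuine route to the victim."""
    announcements = {victim: ((victim,), None)}
    if bogus_path is not None:                    # None = attacker behaves honestly
        announcements[attacker] = (bogus_path, export_to)
    best = simulate(rel, victim, announcements)
    attracted = sorted(x for x, (path, _) in best.items() if x != attacker and attacker in path)
    connected = attacker in best
    return attracted, connected


def worst_case_interception(rel, victim, attacker, max_extra_hops=2):
    """Exhaustive stand-in for the tool's non-deterministic attack: try every path of the
    form attacker -> (up to max_extra_hops other ASes) -> victim, exported to all neighbors,
    and keep the one attracting the most ASes while the attacker stays connected."""
    others = sorted(x for x in rel if x not in (victim, attacker))
    found = None
    for k in range(max_extra_hops + 1):
        for middle in itertools.permutations(others, k):
            path = (attacker,) + middle + (victim,)
            attracted, connected = evaluate(rel, victim, attacker, path)
            if connected and (found is None or len(attracted) > len(found[1])):
                found = (path, attracted)
    return found


# Constructed toy topology (labels, not real AS numbers): 2 is the provider of victim 1,
# of 3 and of 9; 3 is the provider of attacker 4 and of 5 and 6; 4 is the provider of
# 7 and 8 and peers with 9.
TOPOLOGY = build_topology(
    provider_edges=[(2, 1), (2, 3), (2, 9), (3, 4), (3, 5), (3, 6), (4, 7), (4, 8)],
    peer_edges=[(4, 9)],
)

if __name__ == "__main__":
    print("honest routing:            ", evaluate(TOPOLOGY, 1, 4))
    print("shortest path, export all: ", evaluate(TOPOLOGY, 1, 4, (4, 1)))
    print("longer path, export all:   ", evaluate(TOPOLOGY, 1, 4, (4, 3, 1)))
    print("best interception found:   ", worst_case_interception(TOPOLOGY, 1, 4))
```

On this topology the intuitive "shortest path, export all" announcement pulls in six ASes but the attacker's only provider adopts the bogus route and the attacker loses its own path to the victim, so interception fails; the longer announcement that includes the provider is rejected by that provider's loop check, attracts three ASes, and keeps connectivity, which is the counter-intuitive result the slides describe. The `export_to` argument lets the "export to fewer neighbors" variant be measured the same way.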

Findings and Results

Topology Generation

Time- and memory-consuming.

Two non-deterministic decisions:

How many ASes are in the topology?

What is the relation between each pair of ASes?

Characteristics used to reduce topology size.

Topology Generation – Example

[Figure: example topology. Victim: AS 702; further ASes 13030, 43284. Attacker: AS 6757; further ASes 432, 654, 236, 756.]

Interception Attack – Intuitive

[Figure: the example topology above under the intuitive interception attack; value shown on the slide: 3]

Interception Attack – Counter-Intuitive

[Figure: the example topology above under the counter-intuitive interception attack; value shown on the slide: 5]

Attack Generation – Interception Attack on a Non-Deterministic Topology

[Figure: generated topology with Victim AS 702, ASes 13030, 43284, Attacker AS 6757, ASes 432, 654, 236, 756; value shown on the slide: 4]

Attraction Attack – Intuitive

[Figure: the example topology above under the intuitive attraction attack; value shown on the slide: 8]

No better counter-intuitive attack was found.

Note

Topology creation and attack creation are independent of each other.

The user can supply a specific topology and ask the software to find a counter-intuitive attack on it.

Likewise, the user can supply a specific attack (for example, the shortest-path-export-all attack) and test it on several topologies.

Conclusion

Generating non-deterministic attacks.

Find gadgets and appropriate "smart / counter-intuitive" attacks using a software verification tool.

Generating non-deterministic topologies.

Succeeded in generating topologies (up to size 5-6) within my memory constraints.

The End.

Real-world topologies are in danger!