Академический Документы
Профессиональный Документы
Культура Документы
By,
Introduction
Network routing is vulnerable to disruptions This cannot be avoided by having a Secure routing Protocol
1/30/2013 12:17 PM
Topics
Existing Approach Secure TraceRoute Authenticating Secure Traceroute Using the Secure TraceRoute Routing Asymmetry Attacks
1/30/2013 12:17 PM
EXISTING APPROCH
To securing the Routing Protocol
Validate routing updates
Verify their authenticity Accuracy Consistency
1/30/2013 12:17 PM
EXISTING APPROCH
BGP
It has no mechanism for Authenticity of the Information or Accuracy of the information it distributes
1/30/2013 12:17 PM
EXISTING APPROCH
S BGP
By digital Signature
Centralized Registry
1/30/2013 12:17 PM
Secure TraceRoute
Normal Traceroute STR has various Specifications of Packet
1. Hop by hop as the normal traceroute protocol. 2. Reply the node establishes a shared key for encrypted authenticated Communication 3. Agreed identifying marker in the reply as secure traceroute ACK 4. MAC with addition to marker to ensure authentication origin
1/30/2013 12:17 PM NETWORKING IS THE HEART OF COMMUNICATION 7
Secure TraceRoute
CheckS3
Check S4
Check S5 S D
R1
R2
OK R3
R3
OK R4
R4
R5
R6
NOT OK
Flagged as faulty
8
Secure TraceRoute
Iterative process of above steps leads to
A Complete route is determined A faulty linked is found
Secure trace route is more expensive To make it cost effective we can start at the point where traceroute indicates a problem.
1/30/2013 12:17 PM
1/30/2013 12:17 PM
10
1/30/2013 12:17 PM
11
1/30/2013 12:17 PM
12
1/30/2013 12:17 PM
14
1/30/2013 12:17 PM
16
Routing Asymmetry
Internet Routing is Asymmetry This creates two problems
1. End node may not be knowing about its inability to communicate to its peer host because of network problem in one direction or opposite direction or in both direction. 2. It also affects secure traceroute performance.
1/30/2013 12:17 PM
17
Routing Asymmetry
Impact on the end host complaint process
A receives Bs packet but not the ACK for As Packet A B,B A The same B receives packet form A but not the ACK for Bs packet A B,B A Another case the both A and B does not receive packets. A B,B A.
1/30/2013 12:17 PM
18
Routing Asymmetry
Impact on Secure traceroute
Two types of difficulties we are facing
A receives Bs packet but not the ACK for As Packet A B,B A After establishing the channel, a new problem may arise between A to B.
In both the cases two routers may not be able to establish complete connection.
1/30/2013 12:17 PM
19
Routing Asymmetry
Solution IP source routing Worst case : if B is not able communicate to A- rerouting in new route
1/30/2013 12:17 PM
20
Attacks
There are number of Potential Attacks against the Approach. Some are
Unresponsive end host Malicious router may adjust its disruptive behaviour so as to avoid detection
1/30/2013 12:17 PM
21
Conclusion
Not only a secured routing protocol but also well behaved Packet forwarding is Needed
1/30/2013 12:17 PM
22
THANKYOU
Q U R I E S ?
REFERENCES: 1. WWW.NETVMG.COM 2. WWW.ROUTESCIENCE.COM 3. WWW.SOCKEYE.COM 4. RFC 3221 5. PERISITENT ROUTE COLLISIONS IN INTERDOMAINROUTING, COMPUTER NETWORKS,2000
1/30/2013 12:17 PM
23