Finding the Faulty or Malicious Router

By,

K.Prakash R.Aneesh Kumar MEPCO

1/30/2013 12:17 PM NETWORKING IS THE HEART OF COMMUNICATION 1

Introduction
Network routing is vulnerable to disruptions This cannot be avoided by having a Secure routing Protocol

1/30/2013 12:17 PM

NETWORKING IS THE HEART OF COMMUNICATION

Topics
Existing Approach Secure TraceRoute Authenticating Secure Traceroute Using the Secure TraceRoute Routing Asymmetry Attacks

1/30/2013 12:17 PM

NETWORKING IS THE HEART OF COMMUNICATION

EXISTING APPROCH
To securing the Routing Protocol
Validate routing updates
Verify their authenticity Accuracy Consistency

1/30/2013 12:17 PM

NETWORKING IS THE HEART OF COMMUNICATION

EXISTING APPROCH
BGP
It has no mechanism for Authenticity of the Information or Accuracy of the information it distributes

1/30/2013 12:17 PM

NETWORKING IS THE HEART OF COMMUNICATION

EXISTING APPROCH
S BGP
By digital Signature

Centralized Registry

1/30/2013 12:17 PM

NETWORKING IS THE HEART OF COMMUNICATION

Secure TraceRoute
Normal Traceroute STR has various Specifications of Packet
1. Hop by hop as the normal traceroute protocol. 2. Reply the node establishes a shared key for encrypted authenticated Communication 3. Agreed identifying marker in the reply as secure traceroute ACK 4. MAC with addition to marker to ensure authentication origin
1/30/2013 12:17 PM NETWORKING IS THE HEART OF COMMUNICATION 7

Secure TraceRoute
CheckS3

Check S4
Check S5 S D

R1

R2
OK R3

R3
OK R4

R4

R5

R6

NOT OK

R2 initiates the secure traceroute

1/30/2013 12:17 PM NETWORKING IS THE HEART OF COMMUNICATION

Flagged as faulty
8

Secure TraceRoute
Iterative process of above steps leads to
A Complete route is determined A faulty linked is found

Secure trace route is more expensive To make it cost effective we can start at the point where traceroute indicates a problem.

1/30/2013 12:17 PM

NETWORKING IS THE HEART OF COMMUNICATION

Authenticating Secure Traceroute

Public Key Infrastructure using Standard Protocols Web of Trust techniques can be used Key severs

1/30/2013 12:17 PM

NETWORKING IS THE HEART OF COMMUNICATION

10

Using the Secure TraceRoute

We have proposed a Five stage process
1. 2. 3. 4. 5. Complaint Complaint Evaluation Normal Traceroute Secure Traceroute Problem Correction

1/30/2013 12:17 PM

NETWORKING IS THE HEART OF COMMUNICATION

11

Using the Secure TraceRoute

Complaint
End host can send its traffic by setting the complaint Bit Source address spoofing

1/30/2013 12:17 PM

NETWORKING IS THE HEART OF COMMUNICATION

12

Using the Secure TraceRoute

Complaint Evaluation
If a routers complaint level goes high-then the receiving router can initiate the investigation It can starts its investigation by itself (Complaining router) but its better to be done by its down stream. Each router waits for a random number of time before its investigation
1/30/2013 12:17 PM NETWORKING IS THE HEART OF COMMUNICATION 13

Using the Secure TraceRoute

Normal Secure traceroute
It is the first step in the investigation Path returned by a normal traceroute may be completely misleading or intercepted by malicious router or successful path. This information can be the start point

1/30/2013 12:17 PM

NETWORKING IS THE HEART OF COMMUNICATION

14

Using the Secure TraceRoute

Secure traceroute
To verify the route, the secure traceroute is initiated Two cases
Normal traceroute gives the successful path then secure traceroute is cheep. If normal traceroute has been terminated prematurely then secure traceroute is stated with the closest node to the point of failure.

Note: path is given by Normal traceroute is not authenticated

1/30/2013 12:17 PM NETWORKING IS THE HEART OF COMMUNICATION 15

Using the Secure TraceRoute

Problem Correction
Routing around Notifying to down stream routes Human intervention

1/30/2013 12:17 PM

NETWORKING IS THE HEART OF COMMUNICATION

16

Routing Asymmetry
Internet Routing is Asymmetry This creates two problems
1. End node may not be knowing about its inability to communicate to its peer host because of network problem in one direction or opposite direction or in both direction. 2. It also affects secure traceroute performance.

1/30/2013 12:17 PM

NETWORKING IS THE HEART OF COMMUNICATION

17

Routing Asymmetry
Impact on the end host complaint process
A receives Bs packet but not the ACK for As Packet A B,B A The same B receives packet form A but not the ACK for Bs packet A B,B A Another case the both A and B does not receive packets. A B,B A.

1/30/2013 12:17 PM

NETWORKING IS THE HEART OF COMMUNICATION

18

Routing Asymmetry
Impact on Secure traceroute
Two types of difficulties we are facing
A receives Bs packet but not the ACK for As Packet A B,B A After establishing the channel, a new problem may arise between A to B.

In both the cases two routers may not be able to establish complete connection.

1/30/2013 12:17 PM

NETWORKING IS THE HEART OF COMMUNICATION

19

Routing Asymmetry
Solution IP source routing Worst case : if B is not able communicate to A- rerouting in new route

1/30/2013 12:17 PM

NETWORKING IS THE HEART OF COMMUNICATION

20

Attacks
There are number of Potential Attacks against the Approach. Some are
Unresponsive end host Malicious router may adjust its disruptive behaviour so as to avoid detection

1/30/2013 12:17 PM

NETWORKING IS THE HEART OF COMMUNICATION

21

Conclusion

Not only a secured routing protocol but also well behaved Packet forwarding is Needed

1/30/2013 12:17 PM

NETWORKING IS THE HEART OF COMMUNICATION

22

THANKYOU
Q U R I E S ?
REFERENCES: 1. WWW.NETVMG.COM 2. WWW.ROUTESCIENCE.COM 3. WWW.SOCKEYE.COM 4. RFC 3221 5. PERISITENT ROUTE COLLISIONS IN INTERDOMAINROUTING, COMPUTER NETWORKS,2000

1/30/2013 12:17 PM

NETWORKING IS THE HEART OF COMMUNICATION

23