Michael Schapira*
*School of Computer Science and Engineering, Hebrew U
*Hebrew U’s Cybersecurity Research Center
*Fraunhofer Project Center for Cybersecurity @ Hebrew U
(How) Can We
Secure Internet Routing?
• The Internet infrastructure is alarmingly
insecure
• Designed without security in mind
• Security not even on the horizon (yet!)
3 stories, 1 theme
• Naming/addressing with the Domain Name System
(DNS)
– DNS = the Internet’s phone book
– google.com = ?
• Routing with the Border Gateway Protocol (BGP)
– BGP = the Internet’s google maps / Waze
• The Network Time Protocol (NTP)
– NTP = the Internet’s global clock
3 stories, 1 theme
• The Internet is becoming ever-more important
• Yet, today’s Internet is surprisingly fragile
– suboptimal, insecure, unpredictable, …
• And new challenges just keep piling up…
The Internet Only Just Works
Applications: constant innovation
Internet infrastructure: stagnant!
– routing, congestion control, naming, …
– (TCP/IP, BGP, DNS, OSPF, ECMP, …)
Technologies: constant innovation
Why Only Just Works?
• Replace the Internet!
– Throw cryptography at the problem
– Top-down approach
– BGPSEC, DNSSEC, …
• Security not even on the horizon because of
– meager benefits in partial adoption
– costly changes to network (e.g., new hardware)
– much room for human error
– …
Today’s Approach to
Securing the Internet
“The Bureau … is charged with improving the defense
of national infrastructures critical to the continuation of
normal life in the State of Israel and to protect them …
from cyber attack” (INCB website)
“Douglas Maughan, cybersecurity research program
manager for the DHS’s Science and Technology
Directorate ... had little luck convincing ISPs and
router vendors to take steps to secure BGP.” (“The
Internet’s Biggest Security Hole”, WIRED 2008)
Can Israel be Secure?
• Unique opportunity
– focus on nation-state security (INCB, BSI)
– strong foundations (research, gov’t)
• But… a paradigm shift is needed
Yes We Can
3 (Sub-)Projects
Hermes
Securing Internet Routing with BGP
Dionysus
Securing Naming/Addressing with DNS
Chronos
Securing Network Time with NTP
• Internet routing as an example
• A very appropriate example…
This Talk
• Part I: Internet routing with BGP
• Part II: BGP (in)security
• Part III: Today’s approach is failing
• Part IV: How can BGP be made
secure?
(if time permits, I’ll also talk about
This Talk
• New approaches, new models (security
measures, economic incentives, …)
– empirical validation
– see survey of 100 network operators
in [Gill-S-Goldberg, CCR 2012]
• Theoretical impossibility results…
– even for simple models…
• Extensive experimental analysis
– custom algorithms: optimized, parallelized
– multiple sensitivity and robustness tests
– see report on new algorithms and experimental framework in
[Gill-S-Goldberg, CCR 2012]
Tackling These Questions
Disclaimer
The views and opinions expressed in
this presentation are those of the
presenter and do not necessarily reflect
the official views or position of the
Hebrew University or any agency of the
Israeli government.
Part I:
Internet Routing with BGP
The Internet Ecosystem
Google
Verizon
Comcast
AT&T
Over 50,000 Autonomous Systems (ASes)
Range from small businesses and schools (e.g.,
HUJI) to large, multinational, corporations (e.g.,
Google, Microsoft)
Inter-Net:
A Network of Networks
AS-level topology
– Nodes are Autonomous Systems (ASes)
– Edges are links and business relationships
1
2
3
4
5
67
Client Web server
Autonomous Systems
• ASes sign bilateral long-term contracts.
– How much traffic to carry
– Which destinations to reach
– How much money to pay
• Neighboring pairs of ASes typically have:
– a customer-provider relationship, or
– a peering relationship.
peer
provider
customer
peer
The Commercial Internet
• More types of business relationships…
• Content providers (e.g., Google) can have
their own backbone network
• Content Delivery Networks (CDNs)…
• Internet exchange points (IXPs)…
Real Life is More Complex…
Google
Verizon
Comcast
AT&T
• Interdomain: Between ASes
– across different entities
• Intradomain: Within a single AS
– all network devices belong to the same entity
Intradomain vs. Interdomain
Google
Verizon
Comcast
AT&T
• Interdomain routing establishes routes between ASes
• Currently handled by the Border Gateway Protocol (BGP)
Interdomain Routing with
BGP
BGP ≠ Shortest-Path Routing!
Google
Verizon
Comcast
AT&T
“I want to avoid routes through Comcast if possible”
“I won’t carry traffic between AT&T and Verizon”
“I want a cheap route”
“I want short routes”
BGP is Crucial!
• The glue that holds the Internet together
• A few anecdotes:
– Almost 50% of VoIP disruptions are BGP-related!
– Every year or so a serious BGP-related Internet outage
makes the news!
– BGP is notoriously vulnerable to attacks…
AS 2
AS 4
AS 1 AS 3
AS 5
AS 1, IP addresses X AS 1, IP addresses X
AS 4, AS 3, AS 1, IP addresses X
AS 2, AS 1, IP addresses X
IP Prefix
• The destination announces itself to its neighbors
• Routes to the destination are built hop-by-hop as
reachability information propagates through the network
• Route selection based on local routing policies
?
BGP Routing Overview
AS 3, AS 1, IP addresses X
$
Verizon
43284
UPC
Init 7 AG
Zurich
20984
$
$
$ $
IP Prefix
customer
peer peer
provider
Routing Model (Gao-Rexford)
Verizon
43284
UPC
Init 7 AG
Zurich
20984
UPC, Prefix UPC, Prefix
Init 7, UPC, Prefix
43284, Init 7, UPC, Prefix
Verizon, UPC, Prefix
IP Prefix
$ $
1) Prefer revenue generating routes
2) Prefer shorter routes
Routing Model (Gao-Rexford)
Verizon
43284
UPC
Init 7 AG
Zurich
20984
20984,Verizon, UPC, Prefix
IP Prefix
$ $
X
Losing $$
UPC, Prefix UPC, Prefix
Init 7, UPC, Prefix
43284, Init 7, UPC, Prefix
Verizon, UPC, Prefix
1) Prefer revenue generating routes
2) Prefer shorter routes
3) Do not carry transit traffic for free
Routing Model (Gao-Rexford)
• Thm [Gao-Rexford]: In the Gao-
Rexford model, BGP dynamics are
guaranteed to converge to a unique
stable routing configuration.
BGP Routing Outcomes
Part II: BGP (In)Security
AS 2
AS 1
I’m YouTube
No, I’m YouTube!
Repeated attacks against major financial
institutions and governments in Europe and
the US
An Anecdote
Rare Incident? Not Really!
• To disconnect victim from the Internet (large
corporation, nation state, …)
• To be a man-in-the-middle
(snoop on traffic, tamper with traffic, …)
• To impersonate the victim
• To hide under someone else’s identity
• To attack protocols/mechanisms that utilize
Internet routing (BitCoin, DNS, …)
• …
Why Do this?
Another Anecdote
February 2008: Pakistan Telecom hijacks YouTube!
YouTube
Pakistan
Telecom
The Internet
I’m YouTube:
IP addresses: ****
What should have happened…
YouTube
Pakistan
Telecom
X
drop packets
I’m YouTube:
IP addresses: ****
Another Anecdote
What did happen…
YouTube
Pakistan
Telecom
Pakistan
Telecom
No, I’m YouTube!
IP addresses: ****
I’m YouTube:
IP addresses: ****
Another Anecdote
The Internet
AS 1
AS 666
My IP addresses are ***
No, my IP addresses are ***!
Attack: Hijacking IP Addresses
The Internet
AS 1
AS 666
Attack: Manipulating the BGP Path
AS 1 is my neighbor
My IP addresses are ***
• The attacker needs
– a router with a BGP session to an AS
– … configured to originate the prefix
• This could happen because
– a network operator makes configuration mistake
– an insider launches an attack
– an outsider breaks into the router
– … or a black market of BGP routers…
Who Can Launch Such an
Attack?
Naïve attack:
Announce the shortest path I can to all neighbors
a
$m
Is the Naïve Attack Optimal?
Can’t lie about my business
relationship with a, so I might as well
announce the shortest path I can.
Naïve attack:
Announce the shortest path I can to all neighbors
a
$m
Sometimes
longer paths are
better!
So, our results underestimate damage.
Sometimes not
announcing is
better!
Is the Naïve Attack Optimal?
Can’t lie about my business
relationship with a, so I might as well
announce the shortest path I can.
• The victim AS doesn’t necessarily see the
problem
• May not cause loss of connectivity
– e.g., if the bogus AS snoops and redirects
• Even if detected, how can such attacks be
stopped?
– a polite phone call?
– the “wall metaphor” is not appropriate here
• How can this be rectified?
Attacks on BGP are Hard to
Detect/Prevent
AS 1
AS 3
v AS 2
m
IP
v, Prefix v, Prefix
m
IP Prefix
v
m, Prefix
m, Prefix
A secure database maps IP prefixes to owner ASes
Proposed Solution:
The Resource Public Key Infrastructure
(RPKI)
AS 1
AS 3
v AS 2
m
IP
v, Prefix v, Prefix
m
IP Prefix
v
m, v, Prefix
m, v, Prefix
Does RPKI Solve the Problem?
Public Key Signature: Anyone who knows v’s public key
can verify that the message was sent by v.
a1
a2
v a3
m
IP Prefix
a1: (v, IP addresses X)
a1: (v, IP addresses X)
m: (a1, v, IP addresses X)
BGPSEC to the Rescue!
Part III:
Why Today’s Approach is Failing
• Goldberg-S-Hummon-Rexford, SIGCOMM 2010
• Gill-S-Goldberg, CCR 2012
• Lychev-S-Goldberg, SIGCOMM 2013
• Gilad-Cohen-Herzberg-Schapira-Shulman, NDSS 2017
• Step 1: Create a secure DB (<6%)
– RPKI: Organizations -> Internet addresses
• Step 2: Replace BGP (0%)
– BGPsec
BGP Security is a Distant Dream
• RPKI: Resource Public Key Infrastructure
• Intuition: a secure “phone book”
• Maps IP addresses to ASes that own them.
(AS number, IP addresses)
RPKI Revisited
• RPKI: Resource Public Key Infrastructure
• Intuition: a secure “phone book”
• Maps IP prefixes to ASes that own them.
• Very low adoption
RPKI Revisited
Discarding Bogus Routes with RPKI
AS 1
v, IP addresses: ****
m
IP addresses
v
m, IP addresses: ****
According to
RPKI, m’s a liar!
Our answers rely on a combination of
1. a survey of network practitioners
2. extensive empirical analyses
Why is RPKI adoption so slow?
• Hypothesis I: technical and logistic barriers
(e.g., inter-organizational dependencies)
• Hypothesis II: Insufficient value
Nope, most of the Internet could adopt
tomorrow!
(check out roalert.org! [Yossi Gilad, Daniel
Davidovich])
Indeed. The chicken and egg problem…
(Almost) no one bothers
to register its addresses into RPKI
(< 6%)
(Almost) no one uses
RPKI to filter “bad” routes
(?)
Why is RPKI adoption so slow?
Route-Origin Validation (ROV): use the RPKI to
discard route-advertisements from unauthorized ASes
BGP Routers
RPKI cache
RPKI
Autonomous System
But how can we tell whether an AS
employs RPKI-based filtering?
We gain empirical insights regarding ROV enforcement via
RPKI-invalid BGP advertisements
We monitored BGP paths from multiple vantage points afforded
by 44 Route Views sensors²
² http://www.routeviews.org/
ROV Adoption Measurements
Measurements: Non-Filtering
ASes
ASes that propagate invalid BGP advertisements do not
perform filtering
*This presentation provides examples
based on empirical data.
42926
1299
RV
sensor
RV
sensor
IP addresses Y
9121
1239 4637
15003 6416
IP addresses X
AS 15003 and AS 42926 advertise in BGP
the RPKI-invalid IP addresses X and Y
6939
Measurements: Non-Filtering
ASes
ASes that propagate invalid BGP advertisements do not
perform filtering
15003
IP addresses X
42926
1299
RV
sensor
RV
sensor
IP addresses Y
Route Views sensor observes
“bad” route to X
AS path: 4637, 6416, 15003
9121
6939
1239 4637
6416
Route Views sensor observes
“bad” route to Y
AS path: 6939, 1299, 9121, 42926
Measurements: Non-Filtering
ASes
ASes that propagate invalid BGP advertisements do not
perform filtering
15003
IP addresses X
42926
1299
RV
sensor
RV
sensor
IP addresses Y
9121
6939
1239 4637
6416
ASes that don’t filter
invalid advertisements
colored red
Measurements: Filtering ASes
Seek ASes that advertise both “good” & “invalid” routes.
Conclude that an AS performs ROV if it discards “bad”
advertisements, but relays “good” ones, from 3 origins
42926
1299
RV
sensor
RV
sensor
IP addresses Y
9121
6939
1239
IP addresses Y
AS 42926 announces another
BGP advertisement for
prefix Y
4637
15003
IP addresses X
6416
15003 6416
Measurements: Filtering ASes
42926
1299
RV
sensor
RV
sensor
IP addresses Y
Route Views sensor observes
“good” route to Y
AS path: 4637, 1239, 9121, 42926
9121
6939
1239 4637
IP addresses Y
AS 42926 announces another
BGP advertisement for
prefix Y
IP addresses X
Seek ASes that advertise both “good” & “invalid” routes.
Conclude that an AS performs ROV if it discards “bad”
advertisements, but relays “good” ones, from 3 origins
15003 6416
Measurements: Filtering ASes
42926
1299
RV
sensor
RV
sensor
185.70.84.0/24
9121
6939
1239 4637
79.98.130.0/24
Conclude: AS 1239 receives adv. from
AS 42926, but did not relay the invalid one
(only non-red AS on legitimate adv. path)
42926
1299
RV
sensor
RV
sensor
9121
6939
1239 4637
Seek ASes that advertise both “good” & “invalid” routes.
Conclude that an AS performs ROV if it discards “bad”
advertisements, but relays “good” ones, from 3 origins
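The inference described on the measurement slides, as an added Python example (not the authors' measurement code): ASes seen relaying an RPKI-invalid announcement are marked non-filtering, and an AS is reported as enforcing ROV only when it relays valid routes from at least 3 origins whose invalid routes it never relayed. The first three AS paths are the ones quoted on the slides; the other observations, the AS numbers 64496-64499 and all function names are constructed for illustration.

```python
from collections import defaultdict

# Each observation: (RPKI origin-validation state, AS path seen at a Route
# Views sensor). Paths are written as on the slides, with the origin AS last.
OBSERVATIONS = [
    # Paths quoted on the slides
    ("invalid", [4637, 6416, 15003]),          # "bad" route to X
    ("invalid", [6939, 1299, 9121, 42926]),    # "bad" route to Y
    ("valid",   [4637, 1239, 9121, 42926]),    # "good" route to Y
    # Constructed observations (documentation ASNs, not real measurements)
    ("invalid", [6939, 1299, 64496]),
    ("valid",   [4637, 1239, 64496]),
    ("invalid", [6939, 64497]),
    ("valid",   [1239, 64497]),
    ("invalid", [6939, 64498]),
    ("valid",   [64499, 64498]),
]


def non_filtering_ases(observations):
    """ASes that relayed an invalid announcement, so cannot be enforcing ROV."""
    red = set()
    for state, path in observations:
        if state == "invalid":
            # Transit hops only: the last AS is the announcer, not a relay.
            red.update(path[:-1])
    return red


def rov_evidence(observations):
    """Map AS -> origins for which it relayed a valid route but no invalid one.

    Only origins that emit both valid and invalid announcements count,
    because only they let us see an AS treat the two kinds differently.
    """
    red = non_filtering_ases(observations)
    invalid_origins = {p[-1] for state, p in observations if state == "invalid"}
    evidence = defaultdict(set)
    for state, path in observations:
        origin = path[-1]
        if state != "valid" or origin not in invalid_origins:
            continue
        for asn in path[:-1]:
            if asn not in red:
                evidence[asn].add(origin)
    return dict(evidence)


def likely_rov_enforcers(observations, min_origins=3):
    """ASes with consistent evidence from at least `min_origins` origins.

    A single origin is weak evidence: the AS may simply not have been on the
    invalid route's path for ordinary routing-policy reasons.
    """
    return {
        asn
        for asn, origins in rov_evidence(observations).items()
        if len(origins) >= min_origins
    }


if __name__ == "__main__":
    print("non-filtering:", sorted(non_filtering_ases(OBSERVATIONS)))
    print("evidence:", rov_evidence(OBSERVATIONS))
    print("likely ROV enforcers:", sorted(likely_rov_enforcers(OBSERVATIONS)))
```

With only the three slide paths, AS 1239 is the sole candidate but has evidence from one origin, so it is reported only once the constructed observations add two more.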
Measurements: Results
Our measurement techniques provide a view of ROV
enforcement amongst the ASes at the core of the Internet
– since ASes at the core are likely to be on the paths covered by the
Route Views sensors
At least 80 of top 100 ISPs
do not perform ROV
Survey Results
An anonymized survey of over 100 network operators and
security practitioners
• advertised in different mailing lists, including ‘closed’ lists
• 80% of respondents are network operators/managers and most of the others
are security/networking consultants
Do you apply RPKI-
based route-origin
validation?
• ~30% of information in RPKI is “incorrect” as a
result of human error…
• RPKI-based filtering disconnects legitimate
destinations!
→ the very same “attack” RPKI aims to prevent
• RPKI does not even always protect those in
the system
Also, (Justified) Mistrust in RPKI!
Obstacles to Deployment:
Human Error
Concern about mistakes in the RPKI also reflected in our
survey results:
What are your main concerns regarding executing
RPKI-based origin authentication in your network?
• We ran simulations to quantify security:
– empirically-derived AS-level network from CAIDA
• Including inferred peering links
[Giotsas et al., SIGCOMM’13]
– using the simulation framework in [Gill et al., CCR’12]
• We measured the attacker success rate
– in terms of #ASes attracted
– for different attack scenarios
– for different ROV deployment scenarios
– averaged over 1M randomly chosen attacker/victim pairs
Quantify Security in Partial
Adoption
Quantify Security in Partial
Adoption
Adoption by the top 100 ISPs
makes a huge difference!
• Comparison between two scenarios:
– today’s status, as reflected by our measurements
– all top 100 ISPs perform ROV
• Each other AS does ROV with fixed probability
Bottom line:
ROV enforcement by the top ISPs is both
necessary and sufficient for substantial
security benefits from RPKI
Quantify Security in Partial
Adoption
BGP RPKI
(origin authentication)
BGPSEC
• In deployment
• Crypto done offline
• In standardization
• Crypto done online
What does (partially-deployed) BGPSEC offer over RPKI?
(Or, is the juice worth the squeeze?)
Security Benefits (Juice)
BGP and BGPSEC
coexistence
• Road to BGPSEC full-deployment is very tricky because introducing
security only partially introduces new vulnerabilities
• Not fully deployed BGPSEC provides only meagre benefits over RPKI
Landscape of BGP Defenses
A
Sprint
2828
4323
D
Siemens
IP addresses X
P/S
P/S
P/S
P/S
Should Sprint choose
the long secure path OR
the short insecure one?
P/S
P/S
Secure ASes must
accept legacy
insecure routes
Depends on the interaction between BGPSEC and routing policies!
RPKI
A, D
IP addresses X
What Happens in Partial BGPSEC
Deployment?
A
Sprint
2828
4323
D
Siemens
69.63.176.0/24
P/S
P/S
P/S
P/S
Should Sprint choose
the long secure path OR
the short insecure one?
Secure ASes must
accept legacy
insecure routes A, D
IP addresses X
Before attack, Sprint has a legitimate secure route
During attack, Sprint downgrades to a bogus route
What Happens in Partial BGPSEC
Deployment?
• BGPSEC in partial deployment
introduces new vulnerabilities
1. “protocol downgrade attacks”
2. security not monotone!
3. instabilities
• BGPSEC provides meagre benefits over
RPKI even if over 50% of ASes adopt!
– using our security measure
Is the Juice Worth the Squeeze?
Part IV:
How Can We Secure BGP Routing
• Cohen-Gilad-Herzberg-Schapira, HotNets 2015
• Cohen-Gilad-Herzberg-Schapira, SIGCOMM 2016
• Cohen-Gilad-Herzberg-Schapira-Shulman, upcoming
Hermes:
Securing Internet Routing (BGP)
Constraints on design space:
• Easily deployable
– No changes to routers
– Software only
• Fully automated
– No human errors
• Significant benefits in partial deployment
Wanted:
A New Paradigm for BGP Security
Hermes Components
• Automating RPKI certification with
DISCO
• Path-end validation
d
IP addresses
d IP addresses
certified
DISCO: Intuition
Organizational
Network
Agent
Router
Registrar
C1
C2
I own Internet (IP)
addresses X
Prove it!
DISCO: Intuition
Organizational
Network
Organizational
Network
Agent
Router
Agent
Router
Registrar
Securing routing via insecure routing?
DISCO Certification Success Rate
r  | PO   | Days till Certification | PA         | 1000s Years till Certification
3  | 0.3  | 16.46                   | 10^-4      | 0.13
5  | 0.26 | 19.19                   | 2.1*10^-6  | 6.66
7  | 0.23 | 22.02                   | 4.2*10^-8  | 323
9  | 0.2  | 25.01                   | 9*10^-10   | 15,243
11 | 0.18 | 28.22                   | 1.9*10^-11 | 706,182
13 | 0.16 | 31.68                   | 4.2*10^-13 | 32,300,076
15 | 0.14 | 35.41                   | 9.3*10^-15 | 1,468,884,419
Path-End Validation
• An easily deployable alternative to
BGPSEC
• Significant benefits in partial
deployment
Path-End Validation
• RPKI provides origin authentication
• Path-end validation also authenticates the “last hop”
A radical departure from BGPSEC
d
v
a
Prefix
RPKI
Did d approve
reaching it via v?
BGPSEC Design Choices and Summary of Supporting Discussions
draft-sriram-bgpsec-design-choices-08
AS 1
1.2.3.0/24
Router
AS 2
4.5.6.0/24
Router
The
Internet
RPKI Repository
AS 10
AS 20
Path-End Validation
AS 1
1.2.3.0/24
Router
AS 2
Router
The
Internet
RPKI Repository
AS 10
AS 20
10
20
Path-End Validation
AS 1
1.2.3.0/24
Router
AS 2
Router
The
Internet
RPKI Repository
AS 10
AS 20
Path-end Records
ip as-path access-list as1 deny _[^(10|20)]_1_
ip as-path access-list allow-all permit
Path-End Validation
Router Configuration
• Compatible with today’s routers
• Only one rule per-AS
– An order of magnitude less rules than origin
authentication with RPKI
The implementation can be found at:
https://github.com/routingsec/pathend
AS 2
Router
ip as-path access-list as1 deny _[^(10|20)]_1_
ip as-path access-list allow-all permit
Adopter
Legacy
Provider
Customer
Legend
• AS 666 wants to attract AS 3’s traffic to IP prefix
1.2.3.0/24, but…
– It can’t lie about business relationship
– It can’t announce that it owns the prefix or is
AS 1’s neighbor
– It has to launch 2-hop attack: (666,2,1,prefix)
AS
3
Attacker,
AS 666
Victim, AS 1
1.2.3.0/24
AS
2
4
4.5
3.5
Intuition for Path-End Validation
• Path-end validation is not restricted BGPSEC!
– Offline vs. online
– Keep message format and use today’s routers
• Important implications for security
– AS 666 launches a next-AS attack against AS 1
• Not prevented by BGPsec
• Prevented by path-end validation
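An added Python example (not the Hermes implementation linked above) of the check a path-end adopter applies to a received route: RPKI origin validation first, then a test that the AS adjacent to the origin appears in the origin's path-end record. The ROA and path-end record are constructed from the slides' AS 1, its approved neighbors AS 10 and AS 20, and prefix 1.2.3.0/24; the function names are hypothetical.

```python
import ipaddress

# Constructed sample data using the AS numbers and prefix from the slides.
ROAS = [("1.2.3.0/24", 24, 1)]       # (prefix, max length, authorised origin AS)
PATH_END_RECORDS = {1: {10, 20}}     # origin AS -> ASes it approved as last hop


def rov_state(prefix, origin, roas=ROAS):
    """Route-origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version == roa_net.version and net.subnet_of(roa_net):
            covered = True
            if roa_as == origin and net.prefixlen <= max_len:
                return "valid"
    # Covered by a ROA but no ROA matches: unauthorised origin or too specific.
    return "invalid" if covered else "not-found"


def collapse_prepending(as_path):
    """Drop consecutive repeats so prepending (1 1 1) does not hide the last hop."""
    out = []
    for asn in as_path:
        if not out or out[-1] != asn:
            out.append(asn)
    return out


def path_end_valid(as_path, records=PATH_END_RECORDS):
    """True unless the origin published a record that excludes the last hop."""
    path = collapse_prepending(as_path)
    approved = records.get(path[-1])
    if approved is None or len(path) == 1:
        # Legacy origin with no record, or route heard directly from the origin.
        return True
    return path[-2] in approved


def check_route(prefix, as_path):
    """AS path is listed as received: sending neighbor first, origin last."""
    if rov_state(prefix, as_path[-1]) == "invalid":
        return "reject-origin"
    if not path_end_valid(as_path):
        return "reject-path-end"
    return "accept"


if __name__ == "__main__":
    cases = {
        "prefix hijack (666 claims to own the prefix)": ("1.2.3.0/24", [666]),
        "next-AS attack (666 claims to neighbor AS 1)": ("1.2.3.0/24", [666, 1]),
        "2-hop attack via an approved neighbor": ("1.2.3.0/24", [666, 10, 1]),
        "legitimate route with prepending": ("1.2.3.0/24", [3, 20, 1, 1, 1]),
        "more specific than the ROA allows": ("1.2.3.128/25", [3, 10, 1]),
        "origin with no ROA and no record": ("4.5.6.0/24", [3, 2]),
    }
    for label, (prefix, path) in cases.items():
        print(f"{label}: {check_route(prefix, path)}")
```

The 2-hop path is still accepted: path-end validation does not block every forged path, it forces the attacker onto a longer one.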
AS
3
Attacker,
AS 666
Victim, AS 1
1.2.3.0/24
AS
2
Adopter
Legacy
Provider
Customer
Legend
Path-End Validation vs.
BGPSEC
Simulation Framework
• Empirically-derived AS-level network from CAIDA
– Including inferred peering links
[Giotsas et al., SIGCOMM’13]
• Evaluate fraction of ASes an attacker can attract
– Under different adoption scenarios
– Under different attacks
• Using the simulation framework in [Gill et al.,
CCR’12]
Simulation Results
Simulation Results
Simulation Results
Benefits from Local Deployment
Impact of k-Hop Attacks
BGP
(no authentication)
Origin authentication (RPKI)
Path-end validation
2-hop validation
Additional Results
• Large content providers are better
protected
• Path-end validation mitigates high
profile incidents
• Security monotone
– BGPsec is not [Lychev et al., SIGCOMM’13]
Summary
• Today’s agenda for securing BGP routing
faces significant hurdles
• A new paradigm for securing Internet routing
– Readily deployable
– Effective under very partial deployment
Thanks!
Measuring and Mitigating AS-level
Adversaries Against Tor
Rishab Nithyanand, Oleksii Starov, Adva Zair,
Michael Schapira, and Phillipa Gill, NDSS 2016
Source AS Destination AS
Anonymity on the Internet
• Challenge: By observing Internet traffic one can
infer who is talking to whom
– Meta data is the message!
– Track communications over time…
• …behaviors, interests, activities
• Tor aims to solve this
Tor
Entry Exit
Middle
Tor circuit is constructed out of three Tor routers/relays
Does not know
source
Does not know
destination
Which user is visiting the site?
Internet routing dynamics make timing
attacks easier than you’d think!
Timing Attacks & Routing
Source AS
AS1
AS2
AS3 AS4
AS5
Entry relay Exit relay
Destination AS
AS2
Method:
• Use VPN to connect to 200 sites (100 popular, 100 likely censored) through
Tor
• Examine AS-level paths between source and destination and chosen
entry/exit relays.
53% of sites have at least some content delivered over a vulnerable Tor circuit
How often does Tor pick a
vulnerable path?
Solution: Astoria
• Choose an entry/exit relay to avoid attackers
– Usually there is such an option
• Otherwise, use a linear program to minimize damage
– Choose probabilistically to minimize the amount of data
observed by an adversary over time
Additional considerations:
• Path computations need to be done on the client
• ASes may collude (e.g., sibling ASes, state-level actors)
• Minimize performance impact
– Cannot pre-construct circuits as in vanilla Tor ☹
• Being a good network citizen: don’t overload popular
relays
Fraction of sites with content delivered over vulnerable circuits
decreases from 53% to 8% with Astoria
Astoria: Results
What’s next?
• Interview with cryptographer Tibor Jager
on TLS, attacks, and countermeasures
• An Interview with That One Privacy Guy-
The Man Behind That One Privacy Site
• Interview with Researcher Thyla Van Der
Merwe on TLS and Online Privacy
101

More Related Content

Similar to Michael schapira - Hebrew University Jeruslaem - Secure Internet Routing

How to hack a telecom and stay alive
How to hack a telecom and stay aliveHow to hack a telecom and stay alive
How to hack a telecom and stay aliveqqlan
 
How to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikHow to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikPositive Hack Days
 
2018 FRSecure CISSP Mentor Program- Session 7
2018 FRSecure CISSP Mentor Program- Session 72018 FRSecure CISSP Mentor Program- Session 7
2018 FRSecure CISSP Mentor Program- Session 7FRSecure
 
Defcon 16-pilosov-kapela
Defcon 16-pilosov-kapelaDefcon 16-pilosov-kapela
Defcon 16-pilosov-kapelaHai Nguyen
 
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveHenrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveIKT-Norge
 
How to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AliveHow to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AlivePositive Hack Days
 
Slides internet technology
Slides internet technologySlides internet technology
Slides internet technologyInexk Pedrero
 
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsMark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsStanford School of Engineering
 
PLNOG 21: Doug Madory - Analyzing_a_Volatile_Internet
PLNOG 21: Doug Madory - Analyzing_a_Volatile_InternetPLNOG 21: Doug Madory - Analyzing_a_Volatile_Internet
PLNOG 21: Doug Madory - Analyzing_a_Volatile_InternetPROIDEA
 
Where are we with Securing the Routing System?
Where are we with Securing the Routing System?Where are we with Securing the Routing System?
Where are we with Securing the Routing System?APNIC
 
How Internet Peering Improves Security
How Internet Peering Improves SecurityHow Internet Peering Improves Security
How Internet Peering Improves SecurityWilliam Norton
 
wirelesssecurity materialwirelesssecurity materialwirelesssecurity material
wirelesssecurity materialwirelesssecurity materialwirelesssecurity materialwirelesssecurity materialwirelesssecurity materialwirelesssecurity material
wirelesssecurity materialwirelesssecurity materialwirelesssecurity materialNune SrinivasRao
 
Simplified Networking and Troubleshooting for K-12 Teachers
Simplified Networking and Troubleshooting for K-12 TeachersSimplified Networking and Troubleshooting for K-12 Teachers
Simplified Networking and Troubleshooting for K-12 Teacherswebhostingguy
 
Dmitry Kurbatov. Five Nightmares for a Telecom
Dmitry Kurbatov. Five Nightmares for a TelecomDmitry Kurbatov. Five Nightmares for a Telecom
Dmitry Kurbatov. Five Nightmares for a TelecomPositive Hack Days
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Zoltan Balazs
 
Bluetooth low energy- Kashyap Velpuru
Bluetooth low energy- Kashyap VelpuruBluetooth low energy- Kashyap Velpuru
Bluetooth low energy- Kashyap Velpurukashyap velpuru
 
Botprobe - Reducing network threat intelligence big data
Botprobe - Reducing network threat intelligence big data Botprobe - Reducing network threat intelligence big data
Botprobe - Reducing network threat intelligence big data DATA SECURITY SOLUTIONS
 
Welcome to the APNIC Member Gathering, Mongolia
Welcome to the APNIC Member Gathering, MongoliaWelcome to the APNIC Member Gathering, Mongolia
Welcome to the APNIC Member Gathering, MongoliaAPNIC
 

Similar to Michael schapira - Hebrew University Jeruslaem - Secure Internet Routing (20)

How to hack a telecom and stay alive
How to hack a telecom and stay aliveHow to hack a telecom and stay alive
How to hack a telecom and stay alive
 
How to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey GordeychikHow to hack a telecommunication company and stay alive. Sergey Gordeychik
How to hack a telecommunication company and stay alive. Sergey Gordeychik
 
2018 FRSecure CISSP Mentor Program- Session 7
2018 FRSecure CISSP Mentor Program- Session 72018 FRSecure CISSP Mentor Program- Session 7
2018 FRSecure CISSP Mentor Program- Session 7
 
Defcon 16-pilosov-kapela
Defcon 16-pilosov-kapelaDefcon 16-pilosov-kapela
Defcon 16-pilosov-kapela
 
Henrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspectiveHenrik Strøm - IPv6 from the attacker's perspective
Henrik Strøm - IPv6 from the attacker's perspective
 
How to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AliveHow to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay Alive
 
Slides internet technology
Slides internet technologySlides internet technology
Slides internet technology
 
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsMark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
 
PLNOG 21: Doug Madory - Analyzing_a_Volatile_Internet
PLNOG 21: Doug Madory - Analyzing_a_Volatile_InternetPLNOG 21: Doug Madory - Analyzing_a_Volatile_Internet
PLNOG 21: Doug Madory - Analyzing_a_Volatile_Internet
 
Download It
Download ItDownload It
Download It
 
Where are we with Securing the Routing System?
Where are we with Securing the Routing System?Where are we with Securing the Routing System?
Where are we with Securing the Routing System?
 
How Internet Peering Improves Security
How Internet Peering Improves SecurityHow Internet Peering Improves Security
How Internet Peering Improves Security
 
wirelesssecurity materialwirelesssecurity materialwirelesssecurity material
wirelesssecurity materialwirelesssecurity materialwirelesssecurity materialwirelesssecurity materialwirelesssecurity materialwirelesssecurity material
wirelesssecurity materialwirelesssecurity materialwirelesssecurity material
 
Simplified Networking and Troubleshooting for K-12 Teachers
Simplified Networking and Troubleshooting for K-12 TeachersSimplified Networking and Troubleshooting for K-12 Teachers
Simplified Networking and Troubleshooting for K-12 Teachers
 
Dmitry Kurbatov. Five Nightmares for a Telecom
Dmitry Kurbatov. Five Nightmares for a TelecomDmitry Kurbatov. Five Nightmares for a Telecom
Dmitry Kurbatov. Five Nightmares for a Telecom
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
 
IoT overview 2014
IoT overview 2014IoT overview 2014
IoT overview 2014
 
Bluetooth low energy- Kashyap Velpuru
Bluetooth low energy- Kashyap VelpuruBluetooth low energy- Kashyap Velpuru
Bluetooth low energy- Kashyap Velpuru
 
Botprobe - Reducing network threat intelligence big data
Botprobe - Reducing network threat intelligence big data Botprobe - Reducing network threat intelligence big data
Botprobe - Reducing network threat intelligence big data
 
Welcome to the APNIC Member Gathering, Mongolia
Welcome to the APNIC Member Gathering, MongoliaWelcome to the APNIC Member Gathering, Mongolia
Welcome to the APNIC Member Gathering, Mongolia
 

Michael Schapira - Hebrew University Jerusalem - Secure Internet Routing

  • 1. Michael Schapira* *School of Computer Science and Engineering, Hebrew U *Hebrew U’s Cybersecurity Research Center *Fraunhofer Project Center for Cybersecurity @ Hebrew U (How) Can We Secure Internet Routing?
  • 2. 2 • The Internet infrastructure is alarmingly insecure • Designed without security in mind • Security not even on the horizon (yet!) 3 stories, 1 theme
  • 3. 3 • Naming/addressing with the Domain Name System (DNS) – DNS = the Internet’s phone book – google.com = ? • Routing with the Border Gateway Protocol (BGP) – BGP = the Internet’s google maps / Waze • The Network Time Protocol (NTP) – NTP = the Internet’s global clock 3 stories, 1 theme
  • 4. • The Internet is becoming ever-more important • Yet, today’s Internet is surprisingly fragile – suboptimal, insecure, unpredictable, … • And new challenges just keep piling up… The Internet Only Just Works
  • 5. Applications: Internet infrastructure: routing, congestion control, naming,… (TCP/IP, BGP, DNS, OSPF, ECMP,…) Technologies: constant innovation stagnant! constant innovation Why Only Just Works?
  • 6. 6 • Replace the Internet! – Throw cryptography at the problem – Top-down approach – BGPSEC, DNSSEC, … • Security not even on the horizon because of – meager benefits in partial adoption – costly changes to network (e.g., new hardware) – much room for human error – … Today’s Approach to Securing the Internet
  • 7. 7 “The Bureau … is charged with improving the defense of national infrastructures critical to the continuation of normal life in the State of Israel and to protect them … from cyber attack” (INCB website) “Douglas Maughan, cybersecurity research program manager for the DHS’s Science and Technology Directorate ... had little luck convincing ISPs and router vendors to take steps to secure BGP.” (“The Internet’s Biggest Security Hole”, WIRED 2008) Can Israel be Secure?
  • 8. 8 • Unique opportunity – focus on nation-state security (INCB, BSI) – strong foundations (research, gov’t) • But… a paradigm shift is needed Yes We Can
  • 9. 9 3 (Sub-)Projects Hermes Securing Internet Routing with BGP Dionysus Securing Naming/Addressing with DNS Chronos Securing Network Time with NTP
  • 10. 10 • Internet routing as an example • A very appropriate example… This Talk
  • 11. 11 • Part I: Internet routing with BGP • Part II: BGP (in)security • Part III: Today’s approach is failing • Part IV: How can BGP be made secure? (if time permits, I’ll also talk about This Talk
  • 12. • New approaches, new models (security measures, economic incentives, …) – empirical validation – see survey of 100 network operators in [Gill-S-Goldberg, CCR 2012] • Theoretical impossibility results… – even for simple models… • Extensive experimental analysis – custom algorithms: optimized, parallelized – multiple sensitivity and robustness tests – see report on new algorithms and experimental framework in [Gill-S-Goldberg, CCR 2012] Tackling These Questions
  • 13. 13 Disclaimer The views and opinions expressed in this presentation are those of the presenter and do not necessarily reflect the official views or position of the Hebrew University or any agency of the Israeli government.
  • 16. Google Verizon Comcast AT&T Over 50,000 Autonomous Systems (ASes) Range from small businesses and schools (e.g., HUJI) to large, multinational, corporations (e.g., Google, Microsoft) Inter-Net: A Network of Networks
  • 17. AS-level topology – Nodes are Autonomous Systems (ASes) – Edges are links and business relationships 1 2 3 4 5 67 Client Web server Autonomous Systems
  • 18. • ASes sign bilateral long-term contracts. – How much traffic to carry – Which destinations to reach – How much money to pay • Neighboring pairs of ASes typically have: – a customer-provider relationship, or – a peering relationship. peer provider customer peer The Commercial Internet
  • 19. • More types of business relationships… • Content providers (e.g., Google) can have their own backbone network • Content Delivery Networks (CDNs)… • Internet exchange points (IXPs)… Real Life is More Complex…
  • 20. Google Verizon Comcast AT&T • Interdomain: Between ASes – across different entities • Intradomain: Within a single AS – all network devices belong to the same entity Intradomain vs. Interdomain
  • 21. Google Verizon Comcast AT&T • Interdomain routing establishes routes between ASes • Currently handled by the Border Gateway Protocol (BGP) Interdomain Routing with BGP
  • 22. BGP ≠ Shortest-Path Routing! Google Verizon Comcast AT&T I want to avoid routes through Comcast if possible I won’t carry traffic between AT&T and Verizon I want a cheap route I want short routes
  • 23. BGP is Crucial! • The glue that holds the Internet together • A few anecdotes: – Almost 50% of VoIP disruptions are BGP-related! – Every year or so a serious BGP-related Internet outage makes the news! – BGP is notoriously vulnerable to attacks…
  • 24. AS 2 AS 4 AS 1 AS 3 AS 5 AS 1, IP addresses X AS 1, IP addresses X AS 4, AS 3, AS 1, IP addresses X AS 2, AS 1, IP addresses X IP Prefix • The destination announces itself to its neighbors • Routes to the destination are built hop-by-hop as reachability information propagates through the network • Route selection based on local routing policies ? BGP Routing Overview AS 3, AS 1, IP addresses X
  • 25. $ Verizon 43284 UPC Init 7 AG Zurich 20984 $ $ $ $ IP Prefix customer peer peer provider Routing Model (Gao-Rexford)
  • 26. Verizon 43284 UPC Init 7 AG Zurich 20984 UPC, Prefix UPC, Prefix Init 7, UPC, Prefix 43284, Init 7, UPC, Prefix Verizon, UPC, Prefix IP Prefix $ $ 1) Prefer revenue generating routes 2) Prefer shorter routes Routing Model (Gao-Rexford)
  • 27. Verizon 43284 UPC Init 7 AG Zurich 20984 20984,Verizon, UPC, Prefix IP Prefix $ $ X Losing $$ UPC, Prefix UPC, Prefix Init 7, UPC, Prefix 43284, Init 7, UPC, Prefix Verizon, UPC, Prefix 1) Prefer revenue generating routes 2) Prefer shorter routes 3) Do not carry transit traffic for free Routing Model (Gao-Rexford)
  • 28. • Thm [Gao-Rexford]: In the Gao- Rexford model, BGP dynamics are guaranteed to converge to a unique stable routing configuration. BGP Routing Outcomes
  • 29. Part II: BGP (In)Security AS 2 AS 1 I’m YouTube No, I’m YouTube!
  • 30. 30 Repeated attacks against major financial institutions and governments in Europe and the US An Anecdote
  • 31. Rare Incident? Not Really! 31
  • 32. • To disconnect victim from the Internet (large corporation, nation state, …) • To be a man-in-the-middle (snoop on traffic, tamper with traffic, …) • To impersonate the victim • To hide under someone else’s identity • To attack protocols/mechanisms that utilize Internet routing (BitCoin, DNS, …) • … Why Do this?
  • 33. Another Anecdote February 2008: Pakistan Telecom hijacks YouTube! YouTube Pakistan Telecom The Internet I’m YouTube: IP addresses: ****
  • 34. What should have happened… YouTube Pakistan Telecom X drop packets I’m YouTube: IP addresses: **** Another Anecdote
  • 35. What did happen… YouTube Pakistan Telecom Pakistan Telecom No, I’m YouTube! IP addresses: **** I’m YouTube: IP addresses: **** Another Anecdote
  • 36. The Internet AS 1 AS 666 My IP addresses are *** No, my IP addresses are ***! Attack: Hijacking IP Addresses
  • 37. The Internet AS 1 AS 666 Attack: Manipulating the BGP Path AS 1 is my neighbor My IP addresses are ***
  • 38. • The attacker needs – a router with a BGP session to an AS – … configured to originate the prefix • This could happen because – a network operator makes configuration mistake – an insider launches an attack – an outsider breaks into the router – … or a black market of BGP routers… Who Can Launch Such an Attack?
  • 39. Naïve attack: Announce the shortest path I can to all neighbors a $m Is the Naïve Attack Optimal? Can’t lie about my business relationship with a, so I might as well announce the shortest path I can.
  • 40. Naïve attack: Announce the shortest path I can to all neighbors a $m Sometimes longer paths are better! So, our results underestimate damage. Sometimes not announcing is better! Is the Naïve Attack Optimal? Can’t lie about my business relationship with a, so I might as well announce the shortest path I can.
  • 41. • The victim AS doesn’t necessarily see the problem • May not cause loss of connectivity – e.g., if the bogus AS snoops and redirects • Even if detected, how can such attacks be stopped? – a polite phone call? – the “wall metaphor” is not appropriate here • How can this be rectified? Attacks on BGP are Hard to Detect/Prevent
  • 42. AS 1 AS 3 v AS 2 m IP v, Prefix v, Prefix m IP Prefix v m, Prefix m, Prefix A secure database maps IP prefixes to owner ASes Proposed Solution: The Resource Public Key Infrastructure (RPKI)
  • 43. AS 1 AS 3 v AS 2 m IP v, Prefix v, Prefix m IP Prefix v m, v, Prefix m, v, Prefix Does RPKI Solve the Problem?
  • 44. Public Key Signature: Anyone who knows v’s public key can verify that the message was sent by v. a1 a2 v a3 m IP Prefix a1: (v, IP addresses X) a1: (v, IP addresses X) m: (a1, v, IP addresses X) BGPSEC to the Rescue!
  • 45. Part III: Why Today’s Approach is Failing • Goldberg-S-Hummon-Rexford, SIGCOMM 2010 • Gill-S-Goldberg, CCR 2012 • Lychev-S-Goldberg, SIGCOMM 2013 • Gilad-Cohen-Herzberg-Schapira-Shulman, NDSS 2017
  • 46. • Step 1: Create a secure DB (<6%) – RPKI: Organizations -> Internet addresses • Step 2: Replace BGP (0%) – BGPsec BGP Security is a Distant Dream
  • 47. • RPKI: Resource Public Key Infrastructure • Intuition: a secure “phone book” • Maps IP addresses to ASes that own them. (AS number, IP addresses) RPKI Revisited
  • 48. • RPKI: Resource Public Key Infrastructure • Intuition: a secure “phone book” • Maps IP prefixes to ASes that own them. • Very low adoption RPKI Revisited
  • 49. Discarding Bogus Routes with RPKI AS 1 v, IP addresses: **** m IP addresses v m, IP addresses: **** According to RPKI, m’s a liar!
  • 50. Our answers rely on a combination of 1. a survey of network practitioners 2. extensive empirical analyses 50 Why is RPKI adoption so slow?
  • 51. • Hypothesis I: technical and logistic barriers (e.g., inter-organizational dependencies) • Hypothesis II: Insufficient value 51 Nope, most of the Internet could adopt tomorrow! (check out roalert.org! [Yossi Gilad, Daniel Davidovich]) Indeed. The chicken and egg problem… (Almost) no one bothers to register its addresses into RPKI (< 6%) (Almost) no one uses RPKI to filter “bad” routes (?) Why is RPKI adoption so slow?
  • 52. Route-Origin Validation (ROV): use the RPKI to discard route-advertisements from unauthorized ASes BGP Routers RPKI cache RPKI Autonomous System 52 But how can we tell whether an AS employs RPKI-based filtering?
  • 53. We gain empirical insights regarding ROV enforcement via RPKI-invalid BGP advertisements We monitored BGP paths from multiple vantage points afforded by 44 Route Views sensors² ² http://www.routeviews.org/ 53 ROV Adoption Measurements
  • 54. Measurements: Non-Filtering ASes ASes that propagate invalid BGP advertisements do not perform filtering *This presentation provides examples based on empirical data. 54 42926 1299 RV sensor RV sensor IP addresses Y 9121 1239 4637 15003 6416 IP addresses X AS 15003 and AS 42926 advertise in BGP the RPKI-invalid IP addresses X and Y 6939
  • 55. Measurements: Non-Filtering ASes ASes that propagate invalid BGP advertisements do not perform filtering 55 15003 IP addresses X 42926 1299 RV sensor RV sensor IP addresses Y Route Views sensor observes “bad” route to X AS path: 4637, 6416, 15003 9121 6939 1239 4637 6416 Route Views sensor observes “bad” route to Y AS path: 6939, 1299, 9121, 42926
  • 56. Measurements: Non-Filtering ASes ASes that propagate invalid BGP advertisements do not perform filtering 56 15003 IP addresses X 42926 1299 RV sensor RV sensor IP addresses Y 9121 6939 1239 4637 6416 ASes that don’t filter invalid advertisements colored red
  • 57. Measurements: Filtering ASes Seek ASes that advertise both “good” & “invalid” routes. Conclude that an AS performs ROV if it discards “bad” advertisements, but relays “good” ones, from 3 origins 42926 1299 RV sensor RV sensor IP addresses Y 9121 6939 1239 IP addresses Y AS 42926 announces another BGP advertisement for prefix Y 4637 57 15003 IP addresses X 6416
  • 58. 15003 6416 Measurements: Filtering ASes 42926 1299 RV sensor RV sensor IP addresses Y Route Views sensor observes “good” route to: Y AS path: 4637, 1239, 9121, 42926 9121 6939 1239 4637 IP addresses Y AS 42926 announces another BGP advertisement for prefix Y 58 IP addresses X Seek ASes that advertise both “good” & “invalid” routes. Conclude that an AS performs ROV if it discards “bad” advertisements, but relays “good” ones, from 3 origins
  • 59. 15003 6416 Measurements: Filtering ASes 42926 1299 RV sensor RV sensor 185.70.84.0/24 9121 6939 1239 4637 79.98.130.0/24 Conclude: AS 1239 receives adv. from AS 42926, but did not relay the invalid one (only non-red AS on legitimate adv. path) 42926 1299 RV sensor RV sensor 9121 6939 1239 4637 59 Seek ASes that advertise both “good” & “invalid” routes. Conclude that an AS performs ROV if it discards “bad” advertisements, but relays “good” ones, from 3 origins
  • 60. Measurements: Results Our measurement techniques provide a view of ROV enforcement amongst the ASes at the core of the Internet – since ASes at the core are likely to be on the paths covered by the Route Views sensors At least 80 of top 100 ISPs do not perform ROV 60
  • 61. Survey Results An anonymized survey of over 100 network operators and security practitioners • advertised in different mailing lists, including ‘closed’ lists • 80% of respondents are network operators/managers and most of the others are security/networking consultants Do you apply RPKI- based route-origin validation? 61
  • 62. • ~30% of information in RPKI is “incorrect” as a result of human error… • RPKI-based filtering disconnects legitimate destinations! → the very same “attack” RPKI aims to prevent • RPKI does not even always protect those in the system Also, (Justified) Mistrust in RPKI!
  • 63. Obstacles to Deployment: Human Error Concern about mistakes in the RPKI also reflected in our survey results: What are your main concerns regarding executing RPKI-based origin authentication in your network? 63
  • 64. • We ran simulations to quantify security: – empirically-derived AS-level network from CAIDA • Including inferred peering links [Giotsas et al., SIGCOMM’13] – using the simulation framework in [Gill et al., CCR’12] • We measured the attacker success rate – in terms of #ASes attracted – for different attack scenarios – for different ROV deployment scenarios – averaged over 1M randomly chosen attacker/victim pairs 64 Quantify Security in Partial Adoption
  • 65. Quantify Security in Partial Adoption Adoption by the top 100 ISPs makes a huge difference! • Comparison between two scenarios: – today’s status, as reflected by our measurements – all top 100 ISPs perform ROV • Each other AS does ROV with fixed probability 65
  • 66. Bottom line: ROV enforcement by the top ISPs is both necessary and sufficient for substantial security benefits from RPKI 66 Quantify Security in Partial Adoption
  • 67. 67 BGP RPKI (origin authentication) BGPSEC • In deployment • Crypto done offline • In standardization • Crypto done online What does (partially-deployed) BGPSEC offer over RPKI? (Or, is the juice worth the squeeze?) Security Benefits (Juice) BGP and BGPSEC coexistence • Road to BGPSEC full-deployment is very tricky because introducing security only partially introduces new vulnerabilities • Not fully deployed BGPSEC provides only meagre benefits over RPKI Landscape of BGP Defenses
  • 68. A Sprint 2828 4323 D Siemens IP addresses X P/S P/S P/S P/S Should Sprint choose the long secure path OR the short insecure one? P/S P/S ?Secure ASes must accept legacy insecure routes Depends on the interaction between BGPSEC and routing policies! RPKI A, D IP addresses X What Happens in Partial BGPSEC Deployment?
  • 69. A Sprint 2828 4323 D Siemens 69.63.176.0/24 P/S P/S P/S P/S Should Sprint choose the long secure path OR the short insecure one? Secure ASes must accept legacy insecure routes A, D IP addresses X Before attack, Sprint has a legitimate secure route During attack, Sprint downgrades to a bogus route What Happens in Partial BGPSEC Deployment?
  • 70. • BGPSEC in partial deployment introduces new vulnerabilities 1. “protocol downgrade attacks” 2. security not monotone! 3. instabilities • BGPSEC provides meagre benefits over RPKI even if over 50% of ASes adopt! – using our security measure Is the Juice Worth the Squeeze?
  • 71. Part IV: How Can We Secure BGP Routing • Cohen-Gilad-Herzberg-Schapira, HotNets 2015 • Cohen-Gilad-Herzberg-Schapira, SIGCOMM 2016 • Cohen-Gilad-Herzberg-Schapira-Shulman, upcoming
  • 73. Constraints on design space: • Easily deployable – No changes to routers – Software only • Fully automated – No human errors • Significant benefits in partial deployment Wanted: A New Paradigm for BGP Security
  • 74. Hermes Components • Automating RPKI certification with DISCO • Path-end validation d IP addresses d IP addresses certified
  • 77. DISCO Certification Success Rate
    r | PO | Days till Certification | PA | 1000s Years till Certification
    3 | 0.3 | 16.46 | 10^-4 | 0.13
    5 | 0.26 | 19.19 | 2.1*10^-6 | 6.66
    7 | 0.23 | 22.02 | 4.2*10^-8 | 323
    9 | 0.2 | 25.01 | 9*10^-10 | 15,243
    11 | 0.18 | 28.22 | 1.9*10^-11 | 706,182
    13 | 0.16 | 31.68 | 4.2*10^-13 | 32,300,076
    15 | 0.14 | 35.41 | 9.3*10^-15 | 1,468,884,419
  • 78. Path-End Validation • An easily deployable alternative to BGPSEC • Significant benefits in partial deployment
  • 79. Path-End Validation • RPKI provides origin authentication • Path-end validation also authenticates the “last hop” A radical departure from BGPSEC d v a Prefix RPKI Did d approve reaching it via v? BGPSEC Design Choices and Summary of Supporting Discussions draft-sriram-bgpsec-design-choices-08
  • 80. AS 1 1.2.3.0/24 Router AS 2 4.5.6.0/24 Router The Internet RPKI Repository AS 10 AS 20 Path-End Validation
  • 81. AS 1 1.2.3.0/24 Router AS 2 Router The Internet RPKI Repository AS 10 AS 20 10 20 Path-End Validation
  • 82. AS 1 1.2.3.0/24 Router AS 2 Router The Internet RPKI Repository AS 10 AS 20 Path-end Records ip as-path access-list as1 deny _[^(10|20)]_1_ ip as-path access-list allow-all permit Path-End Validation
  • 83. Router Configuration • Compatible with today’s routers • Only one rule per-AS – An order of magnitude less rules than origin authentication with RPKI The implementation can be found at: https://github.com/routingsec/pathend AS 2 Router ip as-path access-list as1 deny _[^(10|20)]_1_ ip as-path access-list allow-all permit
  • 84. Adopter Legacy Provider Customer Legend • AS 666 wants to attract AS 3’s traffic to IP prefix 1.2.3.0/24, but… – It can’t lie about business relationship – It can’t announce that it owns the prefix or is AS 1’s neighbor – It has to launch 2-hop attack: (666,2,1,prefix) AS 3 Attacker, AS 666 Victim, AS 1 1.2.3.0/24 AS 2 4 4.5 3.5 Intuition for Path-End Validation
  • 85. • Path-end validation is not restricted BGPSEC! – Offline vs. online – Keep message format and use today’s routers • Important implications for security – AS 666 launches a next-AS attack against AS 1 • Not prevented by BGPsec • Prevented by path-end validation AS 3 Attacker, AS 666 Victim, AS 1 1.2.3.0/24 AS 2 Adopter Legacy Provider Customer Legend Path-End Validation vs. BGPSEC
  • 86. Simulation Framework • Empirically-derived AS-level network from CAIDA – Including inferred peering links [Giotsas et al., SIGCOMM’13] • Evaluate fraction of ASes an attacker can attract – Under different adoption scenarios – Under different attacks • Using the simulation framework in [Gill et al., CCR’12]
  • 90. Benefits from Local Deployment
  • 91. Impact of k-Hop Attacks BGP (no authentication) Origin authentication (RPKI) Path-end validation 2-hop validation
  • 92. Additional Results • Large content providers are better protected • Path-end validation mitigates high profile incidents • Security monotone – BGPsec is not [Lychev et al., SIGCOMM’13]
  • 93. Summary • Today’s agenda for securing BGP routing faces significant hurdles • A new paradigm for securing Internet routing – Readily deployable – Effective under very partial deployment
  • 95. Measuring and Mitigating AS-level Adversaries Against Tor Rishab Nithyanand, Oleksii Starov, Adva Zair, Michael Schapira, and Phillipa Gill, NDSS 2016 95 Source AS Destination AS
  • 96. Anonymity on the Internet • Challenge: By observing Internet traffic one can infer who is talking to whom – Meta data is the message! – Track communications over time… • …behaviors, interests, activities • Tor aims to solve this Tor Entry Exit Middle Tor circuit is constructed out of three Tor routers/relays Does not know source Does not know destination Which user is visiting the site? Internet routing dynamics make timing attacks easier than you’d think!
  • 97. Timing Attacks & Routing 97 Source AS AS1 AS2 AS3 AS4 AS5 Entry relay Exit relay Destination AS AS2
  • 98. 98 Method: • Use VPN to connect to 200 sites (100 popular, 100 likely censored) through Tor • Examine AS-level paths between source and destination and chosen entry/exit relays. 53% of sites have at least some content delivered over a vulnerable Tor circuit How often does Tor pick a vulnerable path?
  • 99. Solution: Astoria • Choose an entry/exit relay to avoid attackers – Usually there is such an option • Otherwise, use a linear program to minimize damage – Choose probabilistically to minimize the amount of data observed by an adversary over time Additional considerations: • Path computations need to be done on the client • ASes may collude (e.g., sibling ASes, state-level actors) • Minimize performance impact – Cannot pre-construct circuits as in vanilla Tor • Being a good network citizen: don’t overload popular relays 99
  • 100. 100 Fraction of sites with content delivered over vulnerable circuits decreases from 53% to 8% with Astoria Astoria: Results
  • 101. What’s next? • Interview with cryptographer Tibor Jager on TLS, attacks, and countermeasures • An Interview with That One Privacy Guy- The Man Behind That One Privacy Site • Interview with Researcher Thyla Van Der Merwe on TLS and Online Privacy 101
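The ROV measurement technique of slides 54 to 59, written out as an added example (not code from the talk or its authors). The first two invalid paths and the first valid path are the ones shown on slides 55 and 58; every path marked "constructed" and the function names are assumptions made here so that the 3-origin rule can be exercised.

```python
"""Infer which ASes enforce route-origin validation from observed AS paths.

AS paths are written nearest AS first, origin AS last, as on the slides.
"""
from collections import defaultdict

MIN_ORIGINS = 3  # slide 57: the behaviour must be seen for 3 origins

# Paths on which sensors saw RPKI-invalid advertisements.
INVALID_PATHS = [
    [4637, 6416, 15003],        # slide 55, prefix X
    [6939, 1299, 9121, 42926],  # slide 55, prefix Y
    [6939, 1299, 64501],        # constructed
    [4637, 6416, 64502],        # constructed
]

# Paths on which sensors saw RPKI-valid advertisements.
VALID_PATHS = [
    [4637, 1239, 9121, 42926],  # slide 58
    [4637, 1239, 64501],        # constructed
    [6939, 1239, 64502],        # constructed
    [64510, 64511, 64501],      # constructed: two uncoloured ASes, ambiguous
    [4637, 64510, 64499],       # constructed: origin never sent an invalid route
]


def non_filtering_ases(invalid_paths):
    """Every AS on a path that carried an invalid advertisement relayed it."""
    return {asn for path in invalid_paths for asn in path}


def infer_rov(invalid_paths, valid_paths, min_origins=MIN_ORIGINS):
    """Return (non_filtering, evidence, filtering).

    evidence maps a candidate AS to the origins for which it was the only
    AS on the valid path not already known to relay invalid routes.
    """
    red = non_filtering_ases(invalid_paths)
    invalid_origins = {path[-1] for path in invalid_paths}
    evidence = defaultdict(set)
    for path in valid_paths:
        origin = path[-1]
        if origin not in invalid_origins:
            continue  # need an origin that announces both kinds of route
        uncoloured = sorted({a for a in path[:-1] if a not in red})
        if len(uncoloured) == 1:
            evidence[uncoloured[0]].add(origin)
        # zero or several uncoloured ASes: the path tells us nothing
    filtering = {a for a, seen in evidence.items() if len(seen) >= min_origins}
    return red, dict(evidence), filtering


if __name__ == "__main__":
    red, evidence, filtering = infer_rov(INVALID_PATHS, VALID_PATHS)
    print("relay invalid routes:", sorted(red))
    for asn, origins in evidence.items():
        print(f"AS {asn}: candidate filter, origins {sorted(origins)}")
    print("concluded to perform ROV:", sorted(filtering))
```

With only the slide's own three paths, AS 1239 is a candidate backed by a single origin and is not yet concluded to filter.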
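The checks described on slides 49 and 79 to 85, as an added example that is not taken from the talk or from the pathend repository: RPKI origin validation followed by a path-end check of the last hop. The ROAs, path-end records, sample routes and function names are constructed for illustration, and collapsing a prepended origin before the check is an assumption made here.

```python
"""Route-origin validation (RPKI) followed by path-end validation.

AS paths are written as on the slides: nearest AS first, origin AS last.
"""
import ipaddress

# Constructed ROAs: (prefix, max_length, authorised origin AS).
ROAS = [
    ("1.2.3.0/24", 24, 1),
    ("4.5.6.0/24", 24, 2),
]

# Constructed path-end records: origin AS -> neighbours it approved as the
# last hop before itself (AS 1 approves AS 10 and AS 20, as on slide 81).
PATH_END_RECORDS = {1: {10, 20}}


def rov_state(prefix, as_path):
    """Return 'valid', 'invalid' or 'unknown' for the route's origin AS."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    covered = False
    for roa_prefix, max_len, asn in ROAS:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version == roa_net.version and net.subnet_of(roa_net):
            covered = True
            if asn == origin and net.prefixlen <= max_len:
                return "valid"
    return "invalid" if covered else "unknown"


def last_hop(as_path):
    """Return (origin, neighbour), skipping a prepended (repeated) origin.

    neighbour is None when the path holds only the origin.
    """
    origin = as_path[-1]
    i = len(as_path) - 1
    while i >= 0 and as_path[i] == origin:
        i -= 1
    return origin, (as_path[i] if i >= 0 else None)


def path_end_state(as_path):
    """Did the origin approve being reached via the AS just before it?"""
    origin, neighbour = last_hop(as_path)
    approved = PATH_END_RECORDS.get(origin)
    if approved is None:
        return "unknown"  # origin published no record (legacy AS)
    if neighbour is None or neighbour in approved:
        return "valid"
    return "invalid"


def decide(prefix, as_path):
    """Filter decision of an adopting AS for one received advertisement."""
    if rov_state(prefix, as_path) == "invalid":
        return "reject: origin not authorised (ROV)"
    if path_end_state(as_path) == "invalid":
        return "reject: last hop not approved (path-end)"
    return "accept"


# Constructed advertisements as received by AS 3.
SAMPLE_ROUTES = {
    "legitimate":        ("1.2.3.0/24", [3, 10, 1]),
    "prefix hijack":     ("1.2.3.0/24", [3, 666]),
    "next-AS attack":    ("1.2.3.0/24", [3, 666, 1]),
    "2-hop attack":      ("1.2.3.0/24", [3, 666, 10, 1]),
    "prepended origin":  ("1.2.3.0/24", [3, 20, 1, 1, 1]),
    "origin, no record": ("4.5.6.0/24", [3, 7, 2]),
    "beyond max length": ("1.2.3.128/25", [3, 10, 1]),
}

if __name__ == "__main__":
    for name, (prefix, path) in SAMPLE_ROUTES.items():
        print(f"{name:18} {prefix:15} {path} -> {decide(prefix, path)}")
```

The 2-hop path is accepted by both checks, which is the residual case slide 84 describes: the attacker is pushed to announce a longer path.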