David M. Nicol - PowerPoint PPT Presentation

1 / 19

About This Presentation

Title:

David M. Nicol

Description:

Each router has entry for every announced network prefix ... Every BGP router is supposed to know how to get to every advertised prefix ... – PowerPoint PPT presentation

Number of Views:50

Avg rating:3.0/5.0

Slides: 20

Provided by: rwa67

Learn more at: https://www.cs.sandia.gov

Category:

more less

Transcript and Presenter's Notes

Title: David M. Nicol

1
Network Security Research Using High Performance
Simulation

David M. Nicol
Assoc. Director RD, ISTS
Professor of Computer Science, Dartmouth

2
My First Car

1967 VW Microbus
Mine was yellow, with spots of black primer
Car repair, Control Data Corporation style

3
We Count Tera-Xs Too (courtesy of George Riley)

Packet view of Internet
110M hosts, 1.1M routers
50/50 modem/10Mpbs ethernet connectivity by
hosts
Router-Router
50 10Mbs, 40 100Mbs
5 655Mpbs, 5 2.4Gbs
Link utilization
50 host-router
10 router-router
1 hosts connected at a time
Avg packet size 5000 bits

These assumptions imply
0.3 Tera-events/sec
At 1M evts/sec/CPU, 300K execution secs/model
second
290 Terabytes memory, just for traffic in flight
This analysis is
conservative
already 1.5 years old

4
Internet Scale Problems Require Supercomputing

Major DoD networks use commercial infrastructure
Vulnerable to co-location, e.g. peering hotels,
shared fiber
Large set of heterogeneous networks, analysis
requires detailed representation
Securing Routing Infrastructure
Each router has entry for every announced network
prefix
Memory demands grow as a square of network size
Routing convergence depends on topology
Assessing cyber-attack effects on routing
Recent worms use entire Internet, must be
represented at some level

5
Large-scale Network Simulation using SSF

SSF - scalable simulation framework
Java and C APIs
Framework for domains
Execution on shared memory clusters
Widely used, ported to many platforms
Applications
DDoS attacks/defenses
BGP black-hole attacks
Worm propagation and effect on routing
Security of BGP

6
Speedup DaSSF (C)

Figure of merit tied to rate of network
simulation work.
640K concurrent TCP sessions delivered (one per
host)
Many more TCP sessions possible by colocation
Linear speedup on COTS cluster computer. Speedup
is nearly 31 of 32

7
BGP Primer

Internet is a confederation of Autonomous
Systems (each AS originates various prefixes of
Internet addressing space)
Traffic flow between them is dynamically
maintained Boundary Gateway Protocol is the
glue
Every BGP router is supposed to know how to get
to every advertised prefix
A BGP router bases the routes it advertises on
the routes its peers advertise
A Session reset is the re-establishment of a
relationship between two peers---happens
following a router reboot, or re-establishment of
a TCP session between them
Global information propagation
Any AS being difficult to get to will cause a
great deal of BGP update traffic.

8
Efficient Securing of BGP Path Advertisements

Problem Efficient authentication of BGP path in
advertisement
202.128.0.0/14 703 17 34
Without authentication, AS path can be spoofed
By an intruder masquerading as a peer
Prefix origination can be spoofed
Various attacks block hole, sniffing, economic,
DoS
A solution is to apply authentication at every
hop in the path
202.128.0.0/14 703 17 34
s(h(703 17)) s(h(17 34))
s(h(202.128.0.0/14 34))
Source/destination must be signed to defeat cut
and paste attack
A rogue peer R observes announcement A -gtB,
copies it and sends to D
Multiple signatures every announcement

9
S-BGP Cost analysis

Crypto costs (RSA, 1024-bit modulus,SHA-1 hash)
Signature approx. 512 modular exponentiations
and 1024 squaring
Verification 2 large exponentiations and small
(17) squarings
Hash linear in the length of the hashed data
Outbound crypto operation costs
Separate hash signature for every peer
Inbound crypto operation costs
hash and verification of each hop
High connectivity and long paths make this very
costly

10
The Cost of Crypto Matters

Convergence time is affected by extra cost each
advertisement
Experiment (using SSFNet)
110 AS graph reduced from internet topology, avg
degree 5.2, max degree 20
Max degree AS crashes, reboots
Measure time needed for paths to AS to all settle
Behavior as function of MRAI considered
Timing costs of crypto operations obtained from
instrumentation

11
Signature Amortization Reduction of Crypto
Operations

Outbound cost reduction
Aggregation across peers
Describe output set of peers with a bit vector
Sign one message extensionbit vector, send to
all peers
Aggregation across UPDATES
Each MRAI release, use hash-tree to sign all
unsigned UPDATES that are waiting
Inbound cost reduction
Lazy verification

12
Behavior of Convergence time
13
S-BGP Simulation on Cluster Computers

Run on COTS cluster
16 2-CPU nodes, 1GB/node
512 AS model 7.6Gb memory needed
Run on ORNL Eagle and Cheetah clusters
8 Cheetah nodes (used 14 cpus _at_)
8 Eagle nodes (4 cpus _at_)
Probably a uniquely inefficient use of these
machines!
Implementation Issues
BGP simulator is in Java communication, garbage
collection

14
Interaction of Worms and Routing Infrastructure
15
Motivation

Is there a causal connection between large-scale
worm infestations and BGP update message surges?

Observed correlation Cowie et al., 02
Globally visible BGP update bursts
Correlated with Code Red v2 Nimda
Similar occurrence during Slammer

16
Application Explanation of worm/BGP interaction

Variable resolution modeling of worm propagation
and effect on BGP
Diversity of scan traffic explains empirical
observations

Increasing model resolution
scan traffic
session resets
BGP updates
Worm Epidemic
Router stress
BGP
17
Worm/BGP experimentsBGP when worm spreads
worm-gtreset-gtadvertisements