Transcript Secure Routing

Challenge: Securing
Routing Protocols
Adrian Perrig
[email protected]
Why Secure Routing?
 Deployed routing protocols assume a


trusted environment!
Even misconfigurations can severely
disrupt routing protocols
Secure routing properties
 Reduce misconfiguration impact
 Robust against compromised nodes
(Byzantine failures)
 Only legitimate nodes participate in forwarding
 Prevent attackers from injecting bogus routes
Secure Routing Illustration
C
G
J
A
D
S
E
I
B
H
F
Secure Ad Hoc Network Routing Protocols
 SEAD: Secure Efficient Ad hoc Distance
vector routing protocol [WMCSA 2002]
 Ariadne: secure on-demand routing protocol
[Mobicom 2002]
 New routing attacks
 Wormhole attack [Infocom 2003]
 Rushing attack
 Joint work with Yih-Chun Hu and David Johnson
Secure Sensor Network Routing
 Challenges
 Energy constraints invite DoS attacks
 Memory and bandwidth constraints prevent using
sophisticated routing protocols
 Compromised nodes may inject malicious
messages or drop data traffic
 Current approach: combine probabilistic
routing with multi-path routing
Secure Internet Routing
 Challenges
 Legacy systems
 Untrusted domains, complicated trust
relationships
 Even misconfigurations can significantly perturb
Internet routing
 Current project: use efficient cryptographic
techniques to verify BGP routing updates
Research Directions
 Today we enumerate attacks and protect
against them
 To start securing BGP, RPsec IETF working group
is establishing a list of BGP vulnerabilities
 We need to establish metrics
 Allows comparison of protocols
 Study security properties vs performance
 Measure effectiveness of DoS attacks
• E.g., in sensor networks: attacker energy / network
energy