Security of Network Routing Protocols. December 12, 2003 Final Project Presentation William M. Banick III

Transcription

1 Security of Network Routing Protocols December 12, 2003 Final Project Presentation William M. Banick III

2 Background - Networks Subnet Subnet 1 1 Subnet Subnet 3 3 LAN LAN LAN LAN Layer 3 Addressing Layer 3 Addressing Router Router Layer 3 Addressing Subnet Subnet 2 2 WAN WAN Layer 3, the OSI network layer, provides end-to-end addressing so packet of data can be routed across networks. Layer 3, the OSI network layer, provides end-to-end addressing so packet of data can be routed across networks. Routers use layer 3 addressing to route traffic between different networks. Routers use layer 3 addressing to route traffic between different networks. Routers communicate with one another using routing protocols. Routers communicate with one another using routing protocols. 2

3 Background OSI Network Model OSI Layer OSI Layer Name Function Application Presentation Session User networking applications Encoding transmission Job management tracking 4 Transport Data tracking as moves through network Network Data Link Physical Network addressing and packet Transmission on network Frame transmission across a Physical link (LAN or WAN) Transmission method of bits on The physical connection medium 3

4 Routing Routing Table E0 0 4

5 Distance Vector Routing E0 S0 S0 S1 S0 E0 Routing Table E S S0 1 Routers discover the best path to destination networks based on accumulated metrics from each neighbor Routers discover the best path to destination networks based on accumulated metrics from each neighbor 5

6 Distance Vector Routing Common distance vector routing protocols Routing Information Protocol (RIP). Uses only hop count metric as determination of best way to a remote network. Maximum allowable hop count is 15 so 16 is deemed unreachable. Effective in small networks but is not used in large networks with slow WAN links or networks with large number of routers. Enhanced Interior Gateway Routing Protocol (EIGRP) CISCO Inc. proprietary distance vector routing protocol. Need CISCO equipment to support but windows 2000 now supports it since Microsoft bought a license from Cisco to use the protocol. Maximum hop count of 255. Overcomes RIP scalability issue with large networks. Uses bandwidth and delay of the line by default as a metric for determining the best route to an inter network. This is called a composite metric. 6

7 Routing Protocol Vulnerabilities Insecure Corporate Network Corporate Network server Remote Office Router CORE mail router Remote Office LAN Server LAN Compromised Corporate Network Intruder LAN Remote Office Router Fake mail server Intruder Router Remote Office LAN Corporate Network 7

8 Distance Vector Routing Secure Operation Issues Routing Vulnerabilities Routing updates can be fabricated, modified, replayed, deleted and snooped Unauthorized routers Unauthorized routers participate in routing protocol message stream Subverted links Intruder gains access to network and subverts control of the network links and then manipulates routing messages Masquerading routers Masquerading routers then steal TCP session information to perform source routing attack Subverted routers Made to run unauthorized software or unauthorized router configurations that then alter or change the network topology Result Denial of service attack through the alteration of network configuration or topology 8

9 Distance Vector Routing Security: MD5 Authentication. EIGRP Packet Shared Secret MD5 Fingerprint Shared Secret MD5 Fingerprint 9

10 Distance Vector Routing Security : Network Layer Encryption OSI Layer Placement of Encryption Advantages Costs Application Application layer encryption Data Link Encryption on devices outside router Network Layer Users control encryption Application independence of encryption Maintain network quality of service Layer ¾ information remains clear for routing Selective encrypt specific traffic Encrypt FTP traffic but not HTTP traffic Each application must support All hosts with which the application communicates must speak same encryption language Must decrypt traffic before it enters router. Does not leave IP addresses in clear for routing need to encrypt and decrypt several times Increased network delays Security compromises since routers have clear text Router CPU overhead Maintenance of crypto maps in router (access list to be used to define traffic to be encrypted) Choice of implementing encryption in three layers of OSI model: application, data link or network Choice of implementing encryption in three layers of OSI model: application, data link or network Advantages and cost to encrypting at each layer Advantages and cost to encrypting at each layer Network layer offers application independence, flexibility but overhead on routers Network layer offers application independence, flexibility but overhead on routers 10

11 Summary of Current Routing Protocol Security Routing Protocol Protection Encryption Allows traffic to be specified for encryption by source and destination address Granularity allows saving of CPU cycles Digital signatures Use of MD5 hash algorithm to assign a hash fingerprint to a message Assures that content of message has not been altered Ensures that only trusted network devices form adjacencies. Diffie-Hellman Key Exchange Key exchange mechanism Prevents key interception by using two known prime numbers and then establishing a mathematical relationship to make it possible to agree on shared key 11

12 Advances in Securing Routing Protocols Additional Routing Protection Countermeasures Add sequence information to updates New sequence information added to route output from routing selection process Protects against replay of old routing information Add predecessor information to updates Include information in routing table about second-to-last hop (predecessor) Distance vector algorithms already uses this information to compute loop-free path Include with each router update then perform path traversal to verify the integrity of the route 12

13 Security Effectiveness of Routing Protocol Countermeasures Countermeasure Effectiveness Countermeasure Digital signature Impact on Routing Security Threats Protects routing distance vector routing messages from fabrication, modification and disclosure to intruders Predecessor information Sequence number Protect routers which do not have encryption Validate link in the internet and then with routing table can validate path of a route Protects against replay by a network intruder 13

14 Cost Analysis Countermeasure Cost Digital signature Space per message: Each routing message grows by a 128 bit digital signature Time per message: Digital signature computed once for each routing message generated by a router and validate once by receiving router Time per update: Computed once for each link of receiving router Predecessor information Space per update: Each routing message grows by 64 bit predecessor field Sequence number Time per update: Predecessor filed of update differs for each interface of the originating router Time per destination: Each selection of a new path to a destination requires a path traversal Space per message: Each message grows by a 32 bit timestamp 14

15 Conclusion Routing Protocol Protection Countermeasures provide additional protection beyond standard corporate physical security measures Encryption and digital signatures address weaknesses in routing protocol security Protects messages from fabrication, modification or replay by intruders through such means as: Masquerading routers Unauthorized routers Subverted routes Sequence number countermeasure used to indicate how recent a route update is: Accept updates only if have higher sequence number than metric (hop count) or equal sequence number and lower hop count than current route table entry. 15