SCION: A Secure Internet Architecture
Adrian Perrig
Network Security Group, ETH Zürich
Anapaya Systems
Internet Weakness: DoS and DDoS Attacks
▪ Expensive and difficult to protect against DoS and DDoS attacks
▪ Despite large investments, attacks continue to be successful
  • November 2015: ProtonMail attacked for one week
  • March 2016: Swiss e-commerce under attack: Digitec, Galaxus, SBB, Migros, etc. (hackers demanded 25 Bitcoins to stop the attacks)
  • Fall 2016: Global Mirai botnet attacks, e.g., OVH, Dyn, Russian banks
  • June 2017: North Korean “Hidden Cobra” botnet uncovered
  • September 2017: Global airport chaos, DDoS paralyzes check-in systems
▪ Can we reliably defend against DDoS attacks?
Internet Weakness: Communication Path Hijacking
▪ Sender and receiver have limited control over routing paths
▪ Attacks can hijack and relay paths
▪ How can we guarantee communication paths?
Internet Weakness: Kill Switch ruptures Sovereignty
▪ Current Internet suffers from several “Kill Switches”, which can halt communication within a geographical area
▪ Several attack avenues exist: DDoS, BGP hijacking, DNS redirection, BGPSEC / DNSSEC / TLS certificate revocation
▪ Example, August 2017: an erroneous route injected by Google prevented communication for 50% of the Internet in Japan for 40 minutes
▪ Can we construct an Internet without Kill Switches?
SCION Architecture Design Goals
▪ High availability, even for networks with malicious parties
  • Adversary: access to the management plane of a router
  • Communication should be available if an adversary-free path exists
▪ Secure entity authentication that scales to a global, heterogeneous (dis)trusted environment
▪ Flexible trust: enable selection of trust roots
▪ Transparent operation: clear what is happening to packets and who needs to be relied upon for operation
▪ Balanced control among ISPs, senders, and receivers
▪ Scalability, efficiency, flexibility
Approach for Scalability: Isolation Domain (ISD)
▪ Isolation Domain (ISD): grouping of ASes
▪ ISD core: ASes that manage the ISD
▪ Core AS: AS that is part of the ISD core
▪ Control plane is organized hierarchically
  • Inter-ISD control plane
  • Intra-ISD control plane
(Figure: several ISDs, each with its own TRC)
Intra-ISD Path Exploration: Beaconing
▪ Core ASes K, L, M initiate Path-segment Construction Beacons (PCBs), or “beacons”
▪ PCBs traverse the ISD as a flood to reach downstream ASes
▪ Each AS receives multiple PCBs representing path segments to a core AS
(Figure: ISD with core ASes K, L, M and downstream ASes N, O, P, Q, R, S)
Up-Path Segment Registration
▪ AS selects path segments to announce as up-path segments for local hosts
▪ Up-path segments are registered at local path servers
(Figure: the same ISD; an AS registers its up-path segments at its local path server)
Down-Path Segment Registration
▪ AS selects path segments to announce as down-path segments for others to use to communicate with the AS
▪ Down-path segments are uploaded to the core path server in a core AS
(Figure: the same ISD; down-path segments are uploaded to the core path server in a core AS)
Path Creation: Local ISD
▪ Client requests path segments to <ISD, AS> from the local path server
▪ If down-path segments are not locally cached, the local path server sends a request to the core path server
▪ Local path server replies with
  • Up-path segments to local ISD core ASes
  • Down-path segments to <ISD, AS>
  • Core-path segments as needed to connect up-path and down-path segments
(Figure: the same ISD; the local path server combines up-, core- and down-path segments)
Inter-ISD Path Exploration: Sample Core-Path Segments from AS T
(Figure: multiple ISDs with their core ASes; sample core-path segments originating at AS T)
Path Creation: Remote ISD
▪ Host contacts the local path server requesting <ISD, AS>
▪ If path segments are not cached, the local path server will contact the core path server
▪ If the core path server does not have the path segments cached, it will contact the remote core path server
▪ Finally, the host receives up-, core-, and down-segments
(Figure: two ISDs; the path request travels from the local path server via the local core path server to the remote core path server)
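The procedure on slides 7 to 12 (beaconing, up- and down-path registration, and path lookup through the local and core path servers) as a small executable model. This is an added example, not SCION project code: the ISD topology, the core links and the dict standing in for the core path server are constructed assumptions, the remote-ISD hop is collapsed into a single core path server, and paths that revisit an AS are simply dropped rather than turned into SCION shortcut paths.

```python
from collections import defaultdict, deque
# Constructed ISD (not a real topology): core ASes K, L, M; provider -> customer links.
LINKS = {"K": ["N"], "L": ["N", "O"], "M": ["P"], "N": ["Q"], "O": ["Q", "R"], "P": ["S"]}
CORE = ("K", "L", "M")
CORE_LINKS = {("K", "L"), ("L", "M"), ("K", "M")}  # assumed core-path segments

def beacon(links, core):
    """Flood PCBs downstream from each core AS; each AS collects every (core, ..., AS) segment."""
    segments = defaultdict(list)
    queue = deque((c, (c,)) for c in core)
    while queue:
        asn, seg = queue.popleft()
        segments[asn].append(seg)
        for customer in links.get(asn, []):
            queue.append((customer, seg + (customer,)))
    return segments

def core_segment(a, b, core_links=CORE_LINKS):
    """Core-path segment joining two core ASes: trivial if equal, None if not linked."""
    if a == b:
        return (a,)
    return (a, b) if {(a, b), (b, a)} & core_links else None

class LocalPathServer:
    """Per-AS path server: registered up-segments plus cached down-segments from the core."""
    def __init__(self, up_segments, core_ps):
        self.up, self.core_ps, self.cache, self.core_requests = up_segments, core_ps, {}, 0

    def resolve(self, dst):
        if dst not in self.cache:  # cache miss: query the core path server (a dict here)
            self.core_requests += 1
            self.cache[dst] = self.core_ps.get(dst, [])
        paths = []
        for up in self.up:
            for down in self.cache[dst]:
                core = core_segment(up[0], down[0])
                # Up segments are stored core->AS: walk up, cross the core, walk down.
                path = tuple(reversed(up)) + core[1:] + down[1:] if core else ()
                if path and len(set(path)) == len(path):  # drop AS-revisiting paths
                    paths.append(path)
        return paths

def build_isd(links=LINKS, core=CORE):
    """Beacon, register up-/down-segments, return a local path server per non-core AS."""
    segments, core_ps, servers = beacon(links, core), {}, {}
    for asn, segs in segments.items():
        if asn not in core:
            core_ps[asn] = segs  # down-path segments uploaded to the core path server
            servers[asn] = LocalPathServer(segs, core_ps)  # up-path segments kept locally
    return servers
```

Resolving the same destination twice shows the caching step from slide 10: the second lookup does not contact the core path server.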
No Global Coordination Required for Adoption
▪ SCION re-uses current local network infrastructure
▪ Requires setup of routers and servers (commodity HW)
  • SCION border router
  • Beacon, certificate, and path servers
▪ Border routers of different ASes connect natively or using an overlay over the Internet
▪ For fault tolerance, multiple servers and border routers can be set up
▪ Minimal deployment: a single commodity host per domain, implementing the border router and all servers
Deployment @ ETH
(Figure: ETH, Swisscom and SWITCH networks connected through SCION border routers (BR); legend: legacy device, SCION border router)
Use Case: IoT Protection through Default Off
(Figure: IoT domain and monitoring site, each with firewall (FW) and VPN, connected over SCION; legend: legacy device, SCION device)
Use Case: VPN-based Deployment
(Figure: central office and branch, each with firewall (FW), VPN and ER, connected over SCION; legend: legacy device, SCION device)
SCION-IP Gateway (SIG) Deployment
(Figure: sites A, B and C with SCION border routers (BR), a firewall (FW) and a SIG; legend: legacy device, SCION border router, SIG)
SCIONLab
(Figure: SCION network with SCIONLab users and SCIONLab ASes; legend: SCION AS, SCIONLab AS, provider-customer link, peering link, core link)
Global SCIONLab Network
(Figure: map of SCIONLab sites in the EU, USA, Japan, Korea, Singapore and Switzerland (CH))
SCION Visualization System
Swiss SCION Network
(Figure: Swisscom, SWITCH and ETH Zurich SCION network; legend: SCION service (beacon, path, certificate server), SCION border router, ETH network, 10G fiber, 1G copper, SCION AS, overlay link, physical location; sites: SWITCH Engines, ETH LEE, CERN CIXP, Equinix ZH1, BE Ittigen, ZH Herdern, Irchel, Höngg, Zürcher Kantonalbank (ZKB SCION services), BIT (BIT SCION services))
SCION AS runs on ODROID and Raspberry Pi
Belief that the Internet is Immutable
▪ Evidence appears overwhelming that the Internet is immutable: IPv6, BGPSEC, DNSSEC, etc.
▪ However, benefits are limited, esp. for early deployers
▪ Our goal: provide many benefits, even for early adopters, such that one cannot turn back
Conclusions
▪ SCION is a secure Internet architecture that we can start using today
▪ Many use cases
  • Cost savings with replacement of leased lines
  • Business continuity: high-speed failover
  • Highly secure communication network
▪ Strong defense against DDoS attacks, with communication guarantee
▪ Path guarantee: attacker cannot re-route traffic
▪ No external kill switches, regaining Internet sovereignty
SCION Project Team
▪ Netsec: Daniele Asoni, Laurent Chuat, Sergiu Costea, Sam Hitz, Mike Farb, Tobias Klausmann, Jonghoon Kwon, Tae-Ho Lee, Sergio Monroy, Chris Pappas, Juan Pardo, Adrian Perrig, Benjamin Rotenberger, Stephen Shirley, Jean-Pierre Smith, Brian Trammell
▪ Infsec: David Basin, Tobias Klenze, Ralf Sasse, Christoph Sprenger, Thilo Weghorn
▪ Programming Methodology: Marco Eilers, Peter Müller
SCION Commercialization
▪ To commercialize SCION, we have founded Anapaya Systems in June 2017
  • 4 founders: Prof. David Basin, Sam Hitz (CEO), Prof. Peter Müller, Prof. Adrian Perrig
▪ We already have several bank and ISP customers
▪ We are starting to seek investors
▪ Visit us at: www.anapaya.net
Additional Information
▪ https://www.scion-architecture.net
  • Book
  • Papers
  • Videos
  • Tutorials
  • Newsletter signup
▪ https://www.anapaya.net
  • Commercializing SCION equipment
▪ https://github.com/scionproto/scion
  • Source code