Reduction-based security analysis of Internet routing protocols

In recent years, there has been strong interest in the networking community in designing new Internet architectures that provide strong security guarantees. However, none of these proposals back their security claims with formal analysis. In this paper, we use a reduction-based approach to prove route authenticity properties in secure routing protocols. These properties require that routes announced by honest nodes in the network cannot be tampered with by the adversary. We focus on protocols that rely on layered signatures to provide security: each route announcement is associated with a list of signatures attesting the authenticity of its subpaths. Our approach combines manual proofs with automated analysis. We define several reduction steps that reduce proving route authenticity properties to simple conditions that can be checked automatically by the ProVerif tool. We show that our analysis is correct with respect to the trace semantics of the routing protocols.
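The following is an added illustration (not code from the paper) of the layered-signature scheme the abstract describes: each node signs the subpath announced so far together with the next hop, and the receiver accepts only the longest prefix whose signatures all verify. It assumes a keyed HMAC per node as a stand-in for each node's public-key signature, with constructed keys and a constructed four-node topology.

```python
import hmac
import hashlib

# Constructed per-node keys standing in for each node's signing key. Assumption of
# this example: an HMAC checked with the signer's key plays the role of a
# public-key signature so the script runs with the standard library only.
KEYS = {"AS1": b"as1-key", "AS2": b"as2-key", "AS3": b"as3-key", "AS4": b"as4-key"}

def attest(signer, subpath, next_hop):
    """Layered signature by `signer` over the subpath so far plus the next hop.
    Binding the next hop stops a forwarder from truncating or re-targeting
    an announcement it merely relayed."""
    msg = ("|".join(subpath) + "->" + next_hop).encode()
    return hmac.new(KEYS[signer], msg, hashlib.sha256).digest()

def extend(path, sigs, next_hop):
    """The last node on `path` forwards the announcement to `next_hop`,
    appending its own attestation to the list of subpath signatures."""
    return list(path), sigs + [attest(path[-1], path, next_hop)]

def authentic_prefix(path, sigs, receiver):
    """Longest prefix of `path` whose layered signatures all verify at `receiver`.
    Signature i must cover path[:i+1] and name path[i+1] (or the receiver for
    the last hop); the first failing layer cuts off the trusted prefix."""
    trusted = 0
    for i, node in enumerate(path):
        if i >= len(sigs):
            break
        next_hop = path[i + 1] if i + 1 < len(path) else receiver
        if not hmac.compare_digest(attest(node, path[: i + 1], next_hop), sigs[i]):
            break
        trusted = i + 1
    return path[:trusted]

def demo():
    """Honest announcement AS1 -> AS2 -> AS3 -> AS4, then a constructed tampering
    attempt in which AS3 drops AS2 from the path it re-announces."""
    path, sigs = extend(["AS1"], [], "AS2")
    path, sigs = extend(path + ["AS2"], sigs, "AS3")
    path, sigs = extend(path + ["AS3"], sigs, "AS4")
    honest = authentic_prefix(path, sigs, "AS4")
    # AS3 reuses AS1's old signature (which named AS2 as next hop) and signs the
    # shortened path itself; AS1's layer no longer verifies, so nothing is trusted.
    forged_path = ["AS1", "AS3"]
    forged_sigs = [sigs[0], attest("AS3", forged_path, "AS4")]
    forged = authentic_prefix(forged_path, forged_sigs, "AS4")
    return honest, forged

if __name__ == "__main__":
    print(demo())  # (['AS1', 'AS2', 'AS3'], [])
```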
