Proposal for signaling consent from whacked RPKI objects Sharon Goldberg Danny Cooper, Ethan Heilman, Leonid Reyzin Manifest RC ROA.dead Change Log.

Slides:



Advertisements
Similar presentations
A Threat Model for BGPSEC
Advertisements

A Threat Model for BGPSEC Steve Kent BBN Technologies.
RPKI Standards Activity Geoff Huston APNIC February 2010.
1 APNIC Resource Certification Service Project Routing SIG 7 Sep 2005 APNIC20, Hanoi, Vietnam George Michaelson.
Introduction to ARIN and the Internet Registry System.
Local TA Management A TA is a public key and associated data used as the starting point for certificate path validation It need not be a self-signed certificate.
RPKI Certificate Policy Status Update Stephen Kent.
IPv4 Addresses. Internet Protocol: Which version? There are currently two versions of the Internet Protocol in use for the Internet IPv4 (IP Version 4)
APNIC Member Services George Kuo. MyAPNIC 2 What is MyAPNIC A secure Member services website Internet resources management, for example: –Whois updates.
RPKI and Routing Security ICANN 44 June Today’s Routing Environment is Insecure Routing is built on mutual trust models Routing auditing requires.
Overview of draft-ietf-sidr-roa-format-01.txt Matt Lepinski BBN Technologies.
An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.
Validation Algorithms for a Secure Internet Routing PKI David Montana Mark Reynolds BBN Technologies.
Review of draft-ietf-sidr-arch-01.txt Steve Kent BBN Technologies.
What’s Next: DNSSEC & RPKI Mark Kosters. Why are DNSSEC and RPKI Important Two critical resources – DNS – Routing Hard to tell when it is compromised.
Let the Market Drive Deployment A Strategy for Transitioning to BGP Security Phillipa Gill University of Toronto Sharon Goldberg Boston University Michael.
Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.
Interdomain Routing Security COS 461: Computer Networks Michael Schapira.
Public Key Management Brent Waters. Page 2 Last Time  Saw multiple one-way function candidates for sigs. OWP (AES) Discrete Log Trapdoor Permutation.
Interdomain Routing Security Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays.
Lightwave Communications Research Laboratory Princeton University SoBGP vs SBGP Sharon Goldberg Princeton Routing Security Seminar June 27, 2006 and July.
Resource Certification What it means for LIRs Alain P. AINA Special Project Manager.
The Resource Public Key Infrastructure Geoff Huston APNIC.
A PKI for IP Address Space and AS Numbers Stephen Kent.
APNIC eLearning: Intro to RPKI 10 December :30 PM AEST Brisbane (UTC+10)
A LIGHT-WEIGHT DISTRIBUTED SCHEME FOR DETECTING IP PREFIX HIJACKS IN REAL TIME Changxi Zheng, Lusheng Ji, Dan Pei, Jia Wang and Paul Francis. Cornell University,
IPv4 Addresses. Internet Protocol: Which version? There are currently two versions of the Internet Protocol in use for the Internet IPv4 (IP Version 4)
Mirjam Kühne 1 ETO, Oct The Internet Registry System presented by Mirjam Kühne.
Copyright © 2011 Japan Network Information Center JPNIC ’ s RQA and Routing Related Activities JPNIC IP Department Izumi Okutani APNIC32 Aug 2011, Busan.
1 San Diego, California 25 February Securing Routing: RPKI Overview Mark Kosters Chief Technology Officer.
RPKI Tutorial Andy Newton Chief Engineer, ARIN. Agenda Resource Public Key Infrastructure(RPKI) Route Origin Authorizations (ROAs) Certificate Authorities.
1 Internet Presentation GCC-IT commity Saleem Al-Balooshi ETISALAT.
BGP operations and security draft-jdurand-bgp-security-02.txt Jerome Durand Gert Doering Ivan Pepelnjak.
RIPE NCC IRR training 4 February 2011 Zurich, Switzerland IPv6 Golden Networks Jeroen Massar Things to watch.
Interdomain Routing Security. How Secure are BGP Security Protocols? Some strange assumptions? – Focused on attracting traffic from as many Ases as possible.
1 Madison, Wisconsin 9 September14. 2 Security Overlays on Core Internet Protocols – DNSSEC and RPKI Mark Kosters ARIN Engineering.
Updates to the RPKI Certificate Policy I-D Steve Kent BBN Technologies.
BGPSEC : A BGP Extension to Support AS-Path Validation Matt Lepinski BBN Technologies.
CS 4396 Computer Networks Lab BGP. Inter-AS routing in the Internet: (BGP)
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
ARIN Update RIPE 66 Leslie Nobile Director, Registration Services.
Pkiuniversity.com. Alice Bob Honest Abe’s CA Simple PKI hierarchy.
Manifests (and Destiny?) Stephen Kent BBN Technologies.
1 APNIC Trial of Certification of IP Addresses and ASes RIPE October 2005 Geoff Huston.
Status Report SIDR and Origination Validation Geoff Huston SIDR WG, IETF 71 March 2008.
1 Auto-Detecting Hijacked Prefixes? Routing SIG 7 Sep 2005 APNIC20, Hanoi, Vietnam Geoff Huston.
Securing BGP Bruce Maggs. BGP Primer AT&T /8 Sprint /16 CMU /16 bmm.pc.cs.cmu.edu Autonomous System Number Prefix.
Wed 24 Mar 2010SIDR IETF 77 Anaheim, CA1 SIDR Working Group IETF 77 Anaheim, CA Wednesday, Mar 24, 2010.
RPKI implementation experiences in the LAC Region Carlos M. Martínez – Arturo Servín LACSEC 2012 – LACNIC XVIII.
Draft-ietf-sidr-roa-format draft-ietf-sidr-arch Matt Lepinski BBN Technologies.
BGP Validation Russ White Rule11.us.
Key Rollover for the RPKI Steve Kent (Channeling Geoff Huston )
Are We There Yet? On RPKI Deployment and Security
Are We There Yet? On RPKI Deployment and Security
Are We There Yet? On RPKI Deployment and Security
Goals of soBGP Verify the origin of advertisements
Nurani Nimpuno Registration Services Manager RIPE NCC
Addressing 2016 Geoff Huston APNIC.
APNIC Update ARIN XVI Los Angeles.
KRNIC Member Workshop November 2001 Seoul, Korea
Are We There Yet? On RPKI Deployment and Security
Introduction to ARIN and the Internet Registry System
Some Thoughts on Integrity in Routing
Introduction to IP Addressing & IPv6 Deployment Status
Progress Report on Resource Certification
ROA Content Proposal November 2006 Geoff Huston.
COS 561: Advanced Computer Networks
Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006
Presentation transcript:

Proposal for signaling consent from whacked RPKI objects Sharon Goldberg Danny Cooper, Ethan Heilman, Leonid Reyzin Manifest RC ROA.dead Change Log

RIPE’s Publication point DARS Publication Point structure of the RPKI [RFC 6480] RC: /19 DARS RIPE NCC (Réseaux IP Européens) ROA: AS /24 manifest (ROA) Route Origin Authorization Resource Cert (RC) ROA: AS /19 One of five RIRs 2

DARS Publication Point how relying parties sync to the RPKI [RFC 6480]RPKI MANIFEST: filename – hash 25c.cert – 61F… 8e1.roa – 3E5… 0fa.roa – 71A… Router Alice Relying Party Prefix, AS AS X /24 AS X /24 Canadian ISP 3

RPKI authorities can blackhole BGP routes. Why? 1.RPKI authorities can delete ROAs 2.Deleted ROAs can cause invalid BGP routes 3.RPs should drop invalid BGP routes to stop subprefix hijacks. RIPE’s Publication point DARS Publication Point RPKI authorities can unilaterally whack ROAs RC: /19 DARS RIPE (Réseaux IP Européens) AS /24 AS /19 Dec AS /24 AS /24 AS51813 manifest (BTW: Manifest are important! They detect on-path attackers that whack ROAs!) “APNIC does not at this time commit that manifests track all contents of a repository.” 4

IP prefix takedowns by whacking ROAs? Prior to the RPKI, authorities could allocate IPs but not revoke them. But RPKI authorities can revoke IP allocations! Creates a risk that the RPKI can be used for unilateral takedowns. –Law enforcement? Business disputes? Extortion? –The RPKI designed to secure routing, not enable takedowns. –[Mueller-Kuerbis’11, Mueller-Schmidt-Kuerbis’13, Amante’12, FCC’13,…] States seem to want the ability to takedown IP prefixes… –Dutch court ordered RIPE to lockdown prefixes registration (Nov’11) –US court issued a writ of attachment on Iran’s IP prefixes (June’14) –IP allocation does not reflect jurisdiction. # of RIPE ROAs by country (from our model RPKI) 5

proposal : require consent to whack objects [SIGCOMM’14] Design goals: –Consent: Resource certs (RCs) consent to be whacked. –Consistency: Relying parties have consistent views of the RPKI. –Transparency: Relying parties audit RPKI & alarm on problems. “Drop invalid” for prefixes that are not part of an alarm Manually audit prefixes that are part of an alarm. Threat Model: –Similar to certificate transparency [RFC 6962] –Relying parties honestly audit the RPKI –Everyone else (incl. RPKI authorities) is untrusted RPKI Alic e Prefix, AS RPKI 6

RIPE’s Publication point DARS Publication Point how to consent? introducing.dead objects RC: /19 DARS RIPE (Réseaux IP Européens) ROA: AS /24 ROA: AS /19 Dartel LTD Publication Point RC: /24 Dartel LTD ROA: AS /24.dead! Dartel consents If an authority wants to revoke IP prefixes from a child RC, it needs consent from that child & its impacted* descendant RCs. *Descendants aren’t always impacted by changes to the parent; ask me why later! manifest 7

what about alarms between syncs? Alice Alice syncs in morning & misses violations between syncs! Morning RC ROA Afternoon RC ROA Night Morning RC ROA Why does Alice need to catch violations between syncs? So Alice can audit the RPKI So we can have consistency (explained later) 8

catching alarms between syncs! Alice RC ROA RC ROA RC ROA Hash Change Log (contains diffs) How Alice audits a publication point: 1.Sync to the publication point 2.Use change log to reconstruct intermediate manifests 3.Verify the hash chain & signature of the latest manifest 4.Alarm if a consent violation is detected. Alice Valid Remains Valid. Our auditing algorithm makes sure that once a relying party has seen a valid resource cert (RC), that RC remains valid until it consents to be deleted/modified..dead ROA 9

proposal : require consent to delete objects [SIGCOMM’14] Design goals: –Consent:.dead objects indicate consent to whack resource certs (RCs) –Consistency: Relying parties have consistent views of the RPKI. –Transparency: Relying parties audit RPKI & alarm on problems. “Drop invalid” for prefixes that are not part of an alarm Manually audit prefixes that are part of an alarm. RPKI Alic e Prefix, AS RPKI 10

mirror worlds: inconsistent views of the RPKIRPKI Mirror world: RPKI presents one view to one relying party and a different view to the others. Relying parties Alice Bob Why do we care? Auditing is less meaningful if Alice’s view is different from everyone else’s. 11

detecting mirror worlds using manifest hash chains No mirror worlds! If the consistency check passes, relying parties saw the same valid objects. Alice Bob Afternoon Night Morning Hash( ) Bob sends a hash of his latest manifest & Alice finds it in her hashchain. Night 12

our proposal vs suspenders ROOT A RC A ROOT ROA B RC B RLOCK ROA suspenders [draft-kent-sidr-suspenders-02] A INRD host INRD ROOT A RC A ROOT ROA B RC B.dead ROA our proposal [SIGCOMM’14] 13

our proposal vs suspenders Our proposalSuspenders Auditor:Any Relying Party Requirements Consent for whacking?Yes: RCsYes: RCs & ROAs “Consent” for “ROA competition”?NoYes Consistency?YesNo Limited non-repudiation?YesNo? Design New RPKI objects:.dead.roll change logs RLOCK INRD Requires changes to manifests?YesNo “Out of band” publication points?YesNo Proofs of security goals:YesNo Question for the room: What is the right set of requirements? 14

Questions ? ml From the Consent of the Routed: Improving the Transparency of the RPKI. Ethan Heilman, Danny Cooper, Leonid Reyzin, Sharon Goldberg SIGCOMM’14, Chicago, IL. August RC ROA Change Log (contains diffs).dead 15

how many parties need to consent? How many ASes need to be involved when a leaf resource cert is revoked? Production RPKI average 1.5 ASes / leaf RC Model fully-deployed RPKI average 1.6 ASes / leaf RC 99.3% need <10 ASes / leaf RC 0.02% need >100 ASes / leaf RC “With great power comes great responsibility” 2 ASes RC: /19 DARS RIPE (Réseaux IP Européens) ROA: DARS AS /19 ROA: Dartel LTD AS /24 16

How often does would the RPKI need.deads? RIPE restructuring (Mid-November 2013) 7,779 objects altered in total * Renewals Not needed in our design (3,569 objects) Doesn’t require a.dead (874 objects) Required participation of all impacted ASes (3,336 objects) * all data from a ~3 month trace of the taken RPKI 2013/10/23 to 2014/01/21

Blaming authorities with accountable alarms. Why should anyone trust Alice when she raises an alarm? When are alarms not accountable (ie others can’t trust Alice)? RPKI ? RPKI RPKI ?  Alarms are accountable in every circumstance other than missing information. 18

ARIN ‘s publication point Continental Broadband pub point ETB SA ESP pub point Sprint’s pub po consent in a deep hierarchy: deletion /20 Continental Broadband /24 ETB S.A. ESP. ARIN American Registry of Internet Numbers /12 Sprint /24 AS /22 AS /24 AS19429.dead Delete 19

ARIN ‘s publication point Sprint’s pub po consent in a deep hierarchy: ”address block narrowing” /20 Continental Broadband /24 ETB S.A. ESP. ARIN American Registry of Internet Numbers /12 Sprint /24 AS /22 AS /24 AS19429.dead /18 Sprint Narrow! 20

ARIN ‘s publication point Sprint’s pub po key rollover (step 0 and 1) /20 B /24 A ARIN American Registry of Internet Numbers /12 Sprint /24 AS /22 AS /24 AS /12 Sprint Preroll! 21

ARIN ‘s publication point Sprint’s pub po key rollover (step 2) /20 B /24 A ARIN American Registry of Internet Numbers /12 Sprint /24 AS /22 AS /24 AS /12 Sprint postroll! Preroll! 22

ARIN ‘s publication point Sprint’s pub po key rollover (step 3) /20 B /24 A ARIN American Registry of Internet Numbers /12 Sprint /24 AS /22 AS /24 AS19429.roll /12 Sprint postroll! Delete 23

RIPE’s Publication point DARS Publication Point Key Rollover RC: /19 DARS RIPE (Réseaux IP Européens) 24 ROA: DARS AS /19 Dartel LTD Publication Point RC: /24 Dartel LTD ROA: Dartel LTD AS /24 RC: /19 DARS.dead

IPv4 address allocation does not reflect jurisdiction Data-driven model of the RPKI (today’s RPKI is too small)  Using RIR direct allocations, routeviews, BGP table dumps  RIRs and their direct allocations get RCs, other (prefix,origin AS) pairs in the table dumps get a ROA  ASes mapped to countries using RIR data /8 Held by Level 3 RU, FR, NL, CN, TW, CA, JP, GU, US, AU, GB, MX /8 Held by Cogent CA, US, HK, GB, IN, PH, MX, PR, GU, GT, 25

Countries 26

Countries covered by RIPE 27

Number of ROAs issued by each direct allocation 28

Depth of the RPKI DepthROAs 3118, , ,

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.