An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.

Slides:



Advertisements
Similar presentations
RPKI Standards Activity Geoff Huston APNIC February 2010.
Advertisements

Update on Resource Certification Geoff Huston, APNIC Mark Kosters, ARIN SSAC Meeting, March 2008.
An Operational Perspective on BGP Security Geoff Huston February 2005.
The Role of a Registry Certificate Authority Some Steps towards Improving the Resiliency of the Internet Routing System: The Role of a Registry Certificate.
1 APNIC Resource Certification Service Project Routing SIG 7 Sep 2005 APNIC20, Hanoi, Vietnam George Michaelson.
Local TA Management A TA is a public key and associated data used as the starting point for certificate path validation It need not be a self-signed certificate.
Nigel Titley. RIPE 54, 9 May 2007, Tallinn, Estonia. 1 RIPE NCC Certification Task Force Update Presented by Nigel Titley RIPE NCC.
APNIC Member Services George Kuo. MyAPNIC 2 What is MyAPNIC A secure Member services website Internet resources management, for example: –Whois updates.
RPKI and Routing Security ICANN 44 June Today’s Routing Environment is Insecure Routing is built on mutual trust models Routing auditing requires.
Overview of draft-ietf-sidr-roa-format-01.txt Matt Lepinski BBN Technologies.
Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.
Validation Algorithms for a Secure Internet Routing PKI David Montana Mark Reynolds BBN Technologies.
RPKI Validation - Revisited draft-huston-rpki-validation-01.txt Geoff Huston George Michaelson APNIC Slide 1/19.
Review of draft-ietf-sidr-arch-01.txt Steve Kent BBN Technologies.
What’s Next: DNSSEC & RPKI Mark Kosters. Why are DNSSEC and RPKI Important Two critical resources – DNS – Routing Hard to tell when it is compromised.
Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.
Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.
Some Lessons Learned from Designing the Resource PKI Geoff Huston Chief Scientist, APNIC May 2007.
Summary Report on Resource Certification February 2007 Geoff Huston Chief Scientist APNIC.
APNIC Trial of Certification of IP Addresses and ASes RIPE 52 Plenary George Michaelson Geoff Huston.
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.
Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006 draft-ietf-sidr-res-certs-01 Geoff Huston Rob Loomans George Michaelson.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E 36th RIPE Meeting Budapest 2000 APNIC Certificate Authority Status Report.
A PKI For IDR Public Key Infrastructure and Number Resource Certification AUSCERT 2006 Geoff Huston Research Scientist APNIC.
Progress Report on resource certification February 2007 Geoff Huston Chief Scientist APNIC.
Resource Certification What it means for LIRs Alain P. AINA Special Project Manager.
Progress Report on APNIC Trial of Certification of IP Addresses and ASes APNIC 22 September 2006 Geoff Huston.
The Resource Public Key Infrastructure Geoff Huston APNIC.
A PKI for IP Address Space and AS Numbers Stephen Kent.
APNIC eLearning: Intro to RPKI 10 December :30 PM AEST Brisbane (UTC+10)
1 San Diego, California 25 February Securing Routing: RPKI Overview Mark Kosters Chief Technology Officer.
RPKI Tutorial Andy Newton Chief Engineer, ARIN. Agenda Resource Public Key Infrastructure(RPKI) Route Origin Authorizations (ROAs) Certificate Authorities.
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
Using Resource Certificates Progress Report on the Trial of Resource Certification October 2006 Geoff Huston Chief Scientist APNIC.
Using Resource Certificates Progress Report on the Trial of Resource Certification October 2006 Geoff Huston APNIC.
Interdomain Routing Security. How Secure are BGP Security Protocols? Some strange assumptions? – Focused on attracting traffic from as many Ases as possible.
A Brief Overview of draft-ietf-sidr-cp-01.txt draft-ietf-sidr-cps-rirs-01.txt draft-ietf-sidr-cps-isp-00.txt Steve Kent BBN Technologies.
Using Resource Certificates Progress Report on the Trial of Resource Certification November 2006 Geoff Huston APNIC.
1 Madison, Wisconsin 9 September14. 2 Security Overlays on Core Internet Protocols – DNSSEC and RPKI Mark Kosters ARIN Engineering.
Updates to the RPKI Certificate Policy I-D Steve Kent BBN Technologies.
Draft-huston-sidr-rfc6490-bis Geoff Huston Slide 1/6.
1 APNIC Trial of Certification of IP Addresses and ASes RIPE October 2005 Geoff Huston.
Status Report SIDR and Origination Validation Geoff Huston SIDR WG, IETF 71 March 2008.
Securing the Internet Backbone: Current activities in the IETF’s Secure InterDomain Routing Working Group Geoff Huston Chief Scientist, APNIC.
1 Auto-Detecting Hijacked Prefixes? Routing SIG 7 Sep 2005 APNIC20, Hanoi, Vietnam Geoff Huston.
Current Policy Topics Emilio Madaio RIPE NCC RIPE November 2010, Rome.
Securing BGP Bruce Maggs. BGP Primer AT&T /8 Sprint /16 CMU /16 bmm.pc.cs.cmu.edu Autonomous System Number Prefix.
News from APNIC German Valdez Communications Area Manager RIPE October 2008.
RPKI implementation experiences in the LAC Region Carlos M. Martínez – Arturo Servín LACSEC 2012 – LACNIC XVIII.
Using Resource Certificates Progress Report on the Trial of Resource Certification October 2006 Geoff Huston APNIC.
BGP Validation Russ White Rule11.us.
Whois & Data Accuracy Across the RIRs. Terms ISP – An Internet Service Provider is allocated address space by an RIR for the purpose of providing connectivity.
Are We There Yet? On RPKI Deployment and Security
Securing BGP: The current state of RPKI
Auto-Detecting Hijacked Prefixes?
Auto-Detecting Hijacked Prefixes?
November 2006 Geoff Huston APNIC
RPKI Trust Anchor Geoff Huston APNIC.
Are We There Yet? On RPKI Deployment and Security
APNIC Trial of Certification of IP Addresses and ASes
Some Thoughts on Integrity in Routing
APNIC Trial of Certification of IP Addresses and ASes
Resource Certificate Profile
Why don’t we have a Secure and Trusted Inter-Domain Routing System?
Progress Report on Resource Certification
October 2006 Geoff Huston APNIC
ROA Content Proposal November 2006 Geoff Huston.
Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006
News from APNIC ARIN XXII 16 October 2008.
Presentation transcript:

An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013

Today’s Routing Environment is Insecure Routing is built on mutual trust models Routing auditing requires assembling a large volume of authoritative data about addresses and routing policies – And this data does not readily exist We have grown used to a routing system that has some “vagueness” at the edges – Working out who has the authority to advertise what information into the routing system can be a difficult question to answer And sometimes that “vagueness” bites us…

Back in November last year...

Telling “Good Routing” from “Bad Routing” “BAD” routing does not proclaim itself as evil – So how can we identify a routing update that contains false information? The only robust tool we have is to be able to generate a “digital signature” that covers an object – The signature can tell if the digital payload has been tampered with in any way – And if you can validate the key used to generate the signature then you also can derive authenticity and non-repudiation All we can do is label “GOOD” routing, and then use the absence of the “good label” to infer badness

Telling “Good” from “Bad” Therefore… To identify what’s “bad,” we need to clearly label everything that we’d label as “good” And if we can do that, then… Can we set up a mechanism to allow an automated system to validate that the use of an address in the context of a routing protocol update has been duly authorized by the holder of that address, and that the reachability information in the routing update accurately reflects the current state of the forwarding subsystem?

Routing Registries We’ve already tried this with the Routing Registry (IRR) approach: – ISPs publish a list of the prefixes they intend to advertise and their route policies – You can use this information to automate the construction of input route filters – Route updates are accepted only if they pass through the filter: i.e. only if they match the constraints as specified in the route policy statements – Limits the extent of propagation of unregistered routes But routing registries have some downsides: High maintenance overhead, very complex policy specification, poor security model, limited uptake by AS operators, conflicting registries

BGP + Security Is is possible to wrap integrity credentials inside the inter-domain routing protocol? – Receivers of a routing update could then use the credentials attached to the update to check if the update is genuine, and has been duly authorised This is the foundation of BGPsec: – a set of additions to BGP that add attributes to BGP updates that include digital signatures over certain contents of the update

BGPsec Developed by the IETF )over the period 2003 to the present) – Strong foundation in earlier sBGP work from BBN – Includes additional attributes to a BGP update that hold digital signatures that sign over: The origination of the route – Prefix holder signing over the originating AS number to convey authorization Each “AS pair” in the AS path – AS holder signs over the next AS in the path to indicate where the update was passed – A BGPsec speaker uses additional information to validate that the keys used to generate these signatures are valid and trustable

Validating Credentials This is a conventional application of public/private key cryptography, with “authority to use” conveyed by a digital signature from the authority grantor who signs across the authority subject – Using a private key to digitally sign the authority, and the public key to validate the authority We use a conventional X.509 Public Key certificate infrastructure to support public key validation at the scale of the Internet – But how can we inject trustable authority into this framework?

Trustable Credentials How can we inject trustable authority into this framework? Use the existing address allocation hierarchy – IANA to the RIRs – RIRs to the NIRs & LIRs, – NIRs and LIRs to the End holders Describe this address allocation structure using X.509 public key certificates – If A allocated a resource to B then A can issue a certificate with a subject of B, and a certificate content of the resources that A has allocated to B – These certificates do not introduce additional data into the registry system – they are a representation of registry information in a particular digital format

Resource Certificates A resource certificate is a digital document that binds together an IP address block with the IP address holder’s public key, signed by the certification authority’s private key The certificate set can be used to validate that the holder of a particular private key is held by the current legitimate holder of a particular number resource – or not!

12 The RPKI Certificate Service Enhancement to the RIR Registry – Offers verifiable proof of number holdings Resource Certification is an opt-in service – Number Holders choose to request a certificate and provide their public key to be certified Derived from registration data

APNIC’s RPKI System APNIC has integrated RPKi management services into its MyAPNIC Portal for APNIC member use The following are some screenshots of this system

APNIC’s Current Activities UI developments – Integration of live BGP information into ROA generation (based on RIPE UI) Testbed Interface for RPKI-RPKI interface – Allows NIRs/LIRs to deploy a local RPKI engine

RIRs’ Issues Trust Anchors for the RPKI – RIR Trust Anchor structure varies: ARIN covers /8s + ERX in their TAL RIPE NCC covers only IANA-assigned /8s in their self-signed TA (no ASNs) LACNIC covers /8s + ERX in their TAL AFRINIC covers only IANA-assigned /8s APNIC use a split 5 self signed certs (IANA /8s, ERX from ARIN, RIPE NCC, …) – How many Trust Anchors? – What’s IANA’s role here? How to certify ERX’d resources? How to manage transfers in RPKI space Use of the RPKI provisioning protocol (RFC6492) varies

Current Activities Certificate Infrastructure – Integration of Certificate Issuance Systems into production services – Signing and validation service modules as plugin modules for other apps – Tools for the distribution and synchronization of the certificate store Secure Routing Systems (IETF) – Specification of AS Path signing extensions to BGP

Thank You

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.