3/9/2004Presenter: Lan Gao1 Origin Authentication in Interdomain Routing William Aiello, John Ioannidis, and Patrick McDaniel Proceedings of 10th ACM Conference on Computer and Communications Security (CCS'03)

3/9/2004Presenter: Lan Gao2 What does the paper solve? Problem  How do we ensure that addresses are associated with only those ASes that own them? Origin Authentication  Provide a way to validate claims of address ownershi p in interdomain routing  Authenticate address usage Defense against  Attacks by malicious entities  misconfigurations

3/9/2004Presenter: Lan Gao3 Overview Background Formalization  semantics of address delegation  Origin authentication proof systems Modeling  address delegation graph Evaluating resource costs

3/9/2004Presenter: Lan Gao4 Interdomain Routing The Internet consists of many routing domains:  routing inside a domain is determined by an intradom ain routing protocol  routing between domains is governed by an interdom ain routing protocol  Intradomain and interdomain routing decisions are la rgely made independently Reasons:  Scale  Administrative autonomy

3/9/2004Presenter: Lan Gao5 BGP (Border Gateway Protocol) BGP:  the interdomain routing protocol used on the I nternet  routing domains is called Autonomous System s (ASes), e.g. AT&T. ASes:  announce the prefixes that they own (IP addre ss ranges, e.g /24) to its neighboring A Ses.  announce the prefixes that it learns from each of its neighbors to its other neighbors.

3/9/2004Presenter: Lan Gao6 Intra-AS and Inter-AS Routing: Example Source: Computer Networking: A Top-Down Approach Featuring the Internet The route from A.d to B.b: intra-AS and inter-AS path segments.

3/9/2004Presenter: Lan Gao7 Security Issues in Interdomain Routing ASes are not authenticated Paths are not authenticated Addresses are not authenticated What is addressed in the paper?  Validate an AS’s authority to advertise a prefix

3/9/2004Presenter: Lan Gao8 Origin Authentication Goal:  Provide evidence (cryptographically strong aut hentication tags) of the relations between orga nizations, ASes, and prefixes. Evidence Validated Address Advertisements Address Advertisements BGP Speakers

3/9/2004Presenter: Lan Gao9 Address Delegation The IPv4 address space is governed by IANA IANA delegates parts of the global address s pace to organizations Each organization may further  Delegate some or all of the received address sp ace to any organization it desires  Assign its address space to the AS in which th e addresses reside

3/9/2004Presenter: Lan Gao10 Address Delegation: Example AT&T delegates / 24 to ALPHA AT&T assigns /8 to AS7018 Longest prefix matching for /24 Address announcements: ASes advertise the set of prefixes that they origina te (prefix, ASN)

3/9/2004Presenter: Lan Gao11 Definition: Organization ASN = { 1, 2, …, K }, where currently K = 2 16  E.g. AS7018, AS29987 S = { all BGP speaking organizations }  E.g. AT&T, ARIN, ALPHA, BETA ASN(C) = { AS # currently assigned to C }  E.g. for C = ALPHA, ASN(C) = { AS29987 } O = S  { IANA }  { other prefix registries }

3/9/2004Presenter: Lan Gao12 Definition: Prefixes IPA = { 0, 1 } l, where l = 32/64 for IPv4/IPv6 Address Prefixes: x/j  x is a j bit number, and j  [ 0, l ], e.g. 128/8  x/j = { x  y | y is a ( l-j ) b it number }  IPA =  /0 x/j x  0/(j+1) x  1/(j+1) Disjoint Union Superset subprefix & superprefix

3/9/2004Presenter: Lan Gao13 Prefix Tree of IPA  /0 0/11/1 0  0/20  1/21  0/21  1/2 1  1/320  0/32

3/9/2004Presenter: Lan Gao14 Definition: delegation policy For a given prefix y/k and an organization C:  (C, y/k, n): C assigns y/k to an ASN n  (C, y/k, C’): C delegates y/k to C’  (C, y/k, R): C declares y/k as RESERVED  (C, y/k, U): C’s delegation or assignment of y/ k is UNAUTHENTICATED C may perform zero, one, or more of the abo ve options The set of triples is C’s delegation policy for y/k

3/9/2004Presenter: Lan Gao15 Subtree Semantics Definition:  a property of a prefix x/j implies the same pro perty for all of the subprefixes of x/j Consider the previous delegation policy:  Delegations, RESERVED and UNAUTHENTI CATED declarations have subtree semantics  Assignments do not have subtree semantics

3/9/2004Presenter: Lan Gao16 Delegation Graphs A directed graph G = (V, E)  V=O  ASN  R  U    E={(x, y/k, z)} Example:  V = { IANA, AT&T, … }  E = {(IANA, /8,AT &T), … } Definition:  Ownership Source  Assignment Edge  ASN-respecting

3/9/2004Presenter: Lan Gao17 Valid & Faithful A directed path is valid for y/k if:  The ownership source is IANA  The path is monotonic  The path is acyclic  The ass edge is labelled y/k and is ASN-respecting C’s delegation policy is faithful for y/k if there is at most one triple in the form:  (C, y/k, n)  (C, x/j, C’), (C, x/j, U), or (C, x/j, R), where x/j is a su perprefix of y/k

3/9/2004Presenter: Lan Gao18 Verification of Origin Announcements OAs are verified by Origin Authentication Ta gs (OATs):  A delegation path  A set of delegation attestation, one for each ed ge in the path  An ASN Ownership Proof

3/9/2004Presenter: Lan Gao19 Simple Delegation Attestation A signature by C for a prefix x/j:  { ( C, x/j, F C (x/j) ) } C  A signed statement (by C’s key) binding the pr efix (x/j) to an organization identifier (F C (x/j)) The simple delegation attestation for D(C): { ( C, x 1 /j 1, F C (x 1 /j 1 ) ) } C, { ( C, x 2 /j 2, F C (x 2 /j 2 ) ) } C, …, { ( C, x s /j s, F C (x s /j s ) ) } C

3/9/2004Presenter: Lan Gao20 SDA: An Example The delegation path for /24 is: (IANA, AT&T, ALPHA, AS29987) The delegation attestation for the path are: [(IANA, /8, AT&T)] IANA, [(AT&T, /24, ALPHA)] AT&T, [(ALPHA, /24, AS29987)] ALPHA

3/9/2004Presenter: Lan Gao21 Authenticated Delegation List C creates a single list of all of its delegations and sig n that list [ { ( C, x 1 /j 1, F C (x 1 /j 1 ) ) }, { ( C, x 2 /j 2, F C (x 2 /j 2 ) ) }, …, { ( C, x s /j s, F C (x s /j s ) ) } ] C If C delegates x i /j i to B  C signs all of the delegations it makes to everyone.  B advertises x i /j i and provides this attestation

3/9/2004Presenter: Lan Gao22 ADL: An Example The delegation path for /24 is: (IANA, AT&T, ALPHA, AS29987) The delegation attestation for the path are: [(IANA, /8, AT&T), (IANA, /8, ARIN)] IANA, [(AT&T, /24, ALPHA), (AT&T, /16, AS7018), (AT&T, /8, AS7018)] AT&T, [(ALPHA, /24, AS29987)] ALPHA

3/9/2004Presenter: Lan Gao23 AS Authenticated Delegation List C breaks up the entire list into several lists an d signs each of the smaller lists. The list is splitted according to those prefixes:  delegated to the same organization or  assigned to the same AS number If C delegates x i /j i to B  C signs all of the delegations it makes to B.  B advertises x i /j i and provides this attestation

3/9/2004Presenter: Lan Gao24 AS ADL: An Example The delegation path for /8 is: (IANA, AT&T, AS7018) The delegation attestation for the path are: [(IANA, /8, AT&T)] IANA, [(AT&T, /16, AS7018), (AT&T, /8, AS7018)] AT&T

3/9/2004Presenter: Lan Gao25 Authenticated Delegation Tree C creates a Merkle hash tree:  The values of the leaves: ( C, x/j, F C (x/j) )  The values of each internal node: H( L, R ) If C delegates x i /j i to B  C only signs the root [h 0 ] C  C provides the value of the children of all of th e nodes on the path in the Merkel tree from th e root to ( C, x i /j i, B )  B advertises x i /j i and provides this attestation

3/9/2004Presenter: Lan Gao26 ADT: An Example The delegation attestation for (C, x 2 /j 2, B): {H(L 12, R 34 )} C, H(L 3, R 4 ), (C, x 1 /j 1, A) H(L 12, R 34 ) H(L 1, R 2 )H(L 3, R 4 ) (C, x 1 /j 1, A)(C, x 2 /j 2, B)(C, x 3 /j 3, D)(C, x 4 /j 4, E)

3/9/2004Presenter: Lan Gao27 Authenticated Delegation Dictionaries - 1 The model for an authenticated dictionary An Authenticated Dictionary for C:  Element: (C, y/k, F C (y/k))  The search key: address prefixes  Data Structure: balanced 2-3 trees, with leaves sorted based on the search key User Directory Dictionary Query Yes/No + Proof Attestations

3/9/2004Presenter: Lan Gao28 Authenticated Delegation Dictionaries - 2 Prefix Tree rooted at x/j: A total order of the prefixes: x/j < x  y/(j+k) < z/j The smallest element: x/j The largest element: x  1 l-j / l x/j x  0/(j+1)x  1/(j+1) x  0  0/(j+2)x  0  1/(j+2)x  1  0/(j+2)x  1  1/(j+2)

3/9/2004Presenter: Lan Gao29 Authenticated Delegation Dictionaries - 3 ADD for C: The delegation attestation for (C, x 2 /j 2, B):  The signed root: {k0  H(L 123, R 45 )} C  The value of the children of the nodes of the path: k3  H(L 4, R 5 ), (C, x 1 /j 1, A), (C, x 3 /j 3, D)  The search tree path k0  H(L 123,R 45 ) k1  k2  H(L 1,M 2,R 3 ) k3  H(L 4,R 5 ) (C, x 1 /j 1, A) (C, x 2 /j 2, B) (C, x 3 /j 3, D) (C, x 5 /j 5, F) ) (C, x 4 /j 4, E)

3/9/2004Presenter: Lan Gao30 Approximating IP Address Delegation Goal:  To understand how and by whom delegation occurs Sources: IANA and BGP announcements What do we learn?  Dense (16 orgs delegate 80% address space)  Stable (10-30% movement in 5 months)

3/9/2004Presenter: Lan Gao31 Approximation Example

3/9/2004Presenter: Lan Gao32 Delegation in the Approximate Delegation Graph The overwhelming number of delegations are being perf ormed by a relatively few ASes/organizations

3/9/2004Presenter: Lan Gao33 Trace-Based Simulation The OAsim simulator:  Models the operation of a single BGP speaker  Accepts timed BGP UPDATE streams  Computes bandwidth/computational costs  Implements four service designs Dataset:  Obtained from RouteViews  A trace of BGP updates over a 24 hour period

3/9/2004Presenter: Lan Gao34 Computational Costs

3/9/2004Presenter: Lan Gao35 Bandwidth Costs

3/9/2004Presenter: Lan Gao36 Conclusions OA is important in inter-domain routing  trace and validate the delegation of address usage Formalization  semantics of address ads & proofs of delegation Modeling  the current IPv4 address delegation: dense & static Performance Evaluation  consolidate proofs by delegator to reduce costs

3/9/2004Presenter: Lan Gao37 Questions ? Comments?