1 Origin Authentication in Interdomain Routing Security Reading Group September 3, 2004 William Aiello, John Ioannidis, and Patrick McDaniel Proceedings.

Presentation transcript:

1 Origin Authentication in Interdomain Routing Security Reading Group September 3, 2004 William Aiello, John Ioannidis, and Patrick McDaniel Proceedings of 10th ACM Conference on Computer and Communications Security (CCS'03) Presenter: Jonathan McCune Some slides borrowed from L. Gao, P. McDaniel

2 Interdomain Routing Security Issues We don't authenticate ASes  How can we tell Sprint from somebody who claims to be Sprint? We don't authenticate paths  How do we know a malicious party is not changing the route our traffic takes? We don't authenticate addresses  How do we know that an enterprise uses only those addresses it has the right to? Origin Authentication: validation of an AS's claim of address ownership

3 Overview Background Formalization  Semantics of address delegation  Origin authentication proof systems Modeling  Address delegation graph Evaluating resource costs  Feasibility of an online Origin Authentication system

4 Interdomain Routing The Internet consists of many routing domains:  Routing inside a domain is determined by an intradomain routing protocol (e.g., OSPF)  Routing between domains is governed by an interdomain routing protocol (e.g., BGP)  Intradomain and interdomain routing decisions are largely made independently Reasons:  Scale  Administrative autonomy

5 BGP (Border Gateway Protocol) BGP:  The interdomain routing protocol used on the Internet  Routing domains are called Autonomous Systems (ASes), e.g. AT&T. ASes:  Announce the prefixes that they own (IP address ranges, e.g /24) to their neighboring ASes.  Exchange prefix announcements with all one-hop neighbors

6 Intra-AS and Inter-AS Routing: Example Source: Computer Networking: A Top-Down Approach Featuring the Internet The route from A.d to B.b: intra-AS and inter-AS path segments.

7 Origin Authentication Goal:  Provide evidence (cryptographically strong authentication tags) of the relations between organizations, ASes, and prefixes. [Figure labels: Evidence, Address Advertisements, BGP Speakers, Validated Address Advertisements]

8 Address Delegation Registries – ISPs – Customers The IPv4 address space is governed by IANA IANA delegates parts of the global address space to organizations Each organization may further  Delegate some or all of the received address space to any organization it desires  Assign its address space to the AS in which the addresses reside Logistical nightmare: how space was retrieved, by whom, and when is not well documented

9 Address Delegation: Example AT&T delegates /24 to ALPHA AT&T assigns /8 to AS7018 Longest prefix matching for /24 Address announcements: ASes advertise the set of prefixes that they originate (prefix, ASN)

10 Definition: Organization ASN = { 1, 2, …, K }, where currently K = 2^16  E.g. AS7018, AS29987 S = { all BGP speaking organizations }  E.g. AT&T, ARIN, ALPHA, BETA ASN(C) = { AS # currently assigned to C }  E.g. for C = ALPHA, ASN(C) = { AS29987 } O = S  { IANA }  { other prefix registries }

11 Definition: Prefixes IPA = { 0, 1 }^l, where l = 32/64 for IPv4/IPv6 Address Prefixes: x/j  x is a j bit number, and j  [ 0, l ], e.g. 128/8  x/j = { x  y | y is a ( l-j ) bit number }  IPA =  /0 x/j x  0/(j+1) x  1/(j+1) Disjoint Union Superset Subprefix and superprefix

12 Prefix Tree of IPA [Figure: binary prefix tree of IPA; the root /0 has children 0/1 and 1/1, and each level splits again down to the /32 leaves]

13 Delegation Semantics An organization C in O delegates/assigns y/k by (C, y/k, x) Where:  x = C' in O (organization delegation) or  x = n in ASN (AS assignment) or  x = R (RESERVED) or  x = U (UNAUTHENTICATED) P (C) = delegations made by C in O

14 Definition: delegation policy For a given prefix y/k and an organization C:  (C, y/k, n): C assigns y/k to an ASN n  (C, y/k, C'): C delegates y/k to C'  (C, y/k, R): C declares y/k as RESERVED  (C, y/k, U): C's delegation or assignment of y/k is UNAUTHENTICATED C may perform zero, one, or more of the above options The set of triples is C's delegation policy for y/k

15 Delegation Graphs A directed graph G = (V, E)  V=O  ASN  R  U    E={(x, y/k, z)} Example:  V = { IANA, AT&T, … }  E = {(IANA, /8,AT&T), … } Definition:  Ownership Source  Assignment Edge  ASN-respecting

16 Valid & Faithful A directed path is valid for y/k if:  The ownership source is IANA  The path is monotonic (with respect to subprefix)  The path is acyclic  The assignment edge is labeled y/k and is ASN-respecting C's delegation policy is faithful for y/k if there is at most one triple in the form:  (C, y/k, n)  (C, x/j, C'), (C, x/j, U), or (C, x/j, R), where x/j is a superprefix of y/k
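The four validity conditions on this slide can be checked mechanically. The following is an added example, not code from the slides or the paper. It assumes that "ASN-respecting" means the assigned AS number belongs to ASN(C) of the assigning organization (the slides do not define the term), and it uses constructed IPv4 prefixes because the prefixes in the transcript are elided.

```python
import ipaddress

def check_path(path, prefix, asn_of):
    """Return 'valid' or the first failed condition for a delegation path.

    path: edges (delegator, prefix, delegatee); the last edge is the
    assignment edge, whose delegatee is an AS number. IPv4 only.
    """
    if not path or path[0][0] != "IANA":
        return "ownership source is not IANA"
    seen, holder = set(), "IANA"
    covering = ipaddress.ip_network("0.0.0.0/0")
    for src, pfx, dst in path:
        net = ipaddress.ip_network(pfx)
        if src != holder:            # each edge must start where the last ended
            return "edges do not form a path"
        if src in seen:              # an organization may delegate only once
            return "path is cyclic"
        if not net.subnet_of(covering):
            return "path is not monotonic"
        seen.add(src)
        holder, covering = dst, net
    org, pfx, asn = path[-1]
    if ipaddress.ip_network(pfx) != ipaddress.ip_network(prefix):
        return "assignment edge is not labeled with the prefix"
    # Assumption: ASN-respecting means asn is in ASN(org)
    if asn not in asn_of.get(org, set()):
        return "assignment edge is not ASN-respecting"
    return "valid"

# Constructed sample data: organization names follow the slides, prefixes do not
ASN_OF = {"AT&T": {"AS7018"}, "ALPHA": {"AS29987"}}
GOOD_PATH = [("IANA", "10.0.0.0/8", "AT&T"),
             ("AT&T", "10.1.1.0/24", "ALPHA"),
             ("ALPHA", "10.1.1.0/24", "AS29987")]
```
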

17 Verification of Origin Announcements OAs are verified by Origin Authentication Tags (OATs):  A delegation path  A set of delegation attestations, one for each edge in the path  An ASN Ownership Proof Assumption: certificate infrastructure (PKI) Attestations are proofs of edges in the graph

18 Delegation Schemes 1. Simple Delegation Attestation (SDA) 2. Authenticated Delegation List (ADL) 3. AS Authenticated Delegation List (AS ADL) 4. Authenticated Delegation Tree (ADT)

19 Simple Delegation Attestation A signature by C for a prefix x/j:  {(C, x/j, F_C(x/j))}_C  A signed statement (by C's key) binding the prefix (x/j) to an organization identifier (F_C(x/j)) The simple delegation attestation for D(C): {(C, x_1/j_1, F_C(x_1/j_1))}_C, {(C, x_2/j_2, F_C(x_2/j_2))}_C, …, {(C, x_s/j_s, F_C(x_s/j_s))}_C

20 SDA: An Example The delegation path for /24 is: (IANA, AT&T, ALPHA, AS29987) The delegation attestations for the path are: [(IANA, /8, AT&T)]_IANA, [(AT&T, /24, ALPHA)]_AT&T, [(ALPHA, /24, AS29987)]_ALPHA

21 Authenticated Delegation List C creates a single list of all of its delegations and signs that list: [{(C, x_1/j_1, F_C(x_1/j_1))}, {(C, x_2/j_2, F_C(x_2/j_2))}, …, {(C, x_s/j_s, F_C(x_s/j_s))}]_C If C delegates x_i/j_i to B  C signs all of the delegations it makes to everyone.  B advertises x_i/j_i and provides this attestation

22 ADL: An Example The delegation path for /24 is: (IANA, AT&T, ALPHA, AS29987) The delegation attestations for the path are: [(IANA, /8, AT&T), (IANA, /8, ARIN)]_IANA, [(AT&T, /24, ALPHA), (AT&T, /16, AS7018), (AT&T, /8, AS7018)]_AT&T, [(ALPHA, /24, AS29987)]_ALPHA

23 AS Authenticated Delegation List C breaks up the entire list into several lists and signs each of the smaller lists. The list is split according to those prefixes:  delegated to the same organization or  assigned to the same AS number If C delegates x_i/j_i to B  C signs all of the delegations it makes to B.  B advertises x_i/j_i and provides this attestation

24 AS ADL: An Example The delegation path for /8 is: (IANA, AT&T, AS7018) The delegation attestations for the path are: [(IANA, /8, AT&T)]_IANA, [(AT&T, /16, AS7018), (AT&T, /8, AS7018)]_AT&T

25 Authenticated Delegation Tree C creates a Merkle hash tree:  The values of the leaves: (C, x/j, F_C(x/j))  The values of each internal node: H(L, R) If C delegates x_i/j_i to B  C only signs the root [h_0]_C  C provides the value of the children of all of the nodes on the path in the Merkle tree from the root to (C, x_i/j_i, B)  B advertises x_i/j_i and provides this attestation

26 ADT: An Example The delegation attestation for (C, x_2/j_2, B): {H(L_12, R_34)}_C, H(L_3, R_4), (C, x_1/j_1, A) [Figure: Merkle tree with root H(L_12, R_34), internal nodes H(L_1, R_2) and H(L_3, R_4), and leaves (C, x_1/j_1, A), (C, x_2/j_2, B), (C, x_3/j_3, D), (C, x_4/j_4, E)]
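The Authenticated Delegation Tree from slides 25 and 26, worked through as an added example (not code from the slides or the paper): C builds a Merkle tree over its delegation triples, signs only the root, and hands B the sibling values needed to recompute that root. Assumptions: SHA-256 as H, an HMAC standing in for C's public-key signature, sibling hashes sent in place of the sibling leaf itself, and constructed prefixes and key.

```python
import hashlib
import hmac

PAD = hashlib.sha256(b"\x02padding").digest()  # filler leaf, never a real triple

def leaf_hash(triple):
    # 0x00 / 0x01 prefixes keep leaf and internal-node hashes in separate domains
    return hashlib.sha256(b"\x00" + "|".join(triple).encode()).digest()

def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(triples):
    """All tree levels, leaves first; the leaf level is padded to a power of two."""
    level = [leaf_hash(t) for t in triples]
    while len(level) & (len(level) - 1):
        level.append(PAD)
    levels = [level]
    while len(level) > 1:
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def prove(levels, index):
    """Sibling hash at every level from the leaf up, tagged with the sibling's side."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        path.append(("L" if sibling < index else "R", level[sibling]))
        index //= 2
    return path

def sign_root(key, root):
    # Assumption: HMAC stands in for C's public-key signature [h_0]_C
    return hmac.new(key, root, hashlib.sha256).digest()

def verify(key, triple, path, signed_root):
    h = leaf_hash(triple)
    for side, sibling in path:
        h = node_hash(sibling, h) if side == "L" else node_hash(h, sibling)
    return hmac.compare_digest(sign_root(key, h), signed_root)

# Constructed delegations by C (documentation prefixes), four leaves as on slide 26
DELEGATIONS = [("C", "198.51.100.0/26", "A"), ("C", "198.51.100.64/26", "B"),
               ("C", "198.51.100.128/26", "D"), ("C", "198.51.100.192/26", "E")]
KEY = b"constructed-demo-key"
```

The attestation B carries for its delegation is `sign_root(KEY, levels[-1][0])` together with `prove(levels, 1)`: two hashes for four leaves, so the proof grows with the logarithm of the number of delegations C makes.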

27 Authenticated Delegation Dictionaries - 1 The model for an authenticated dictionary An Authenticated Dictionary for C:  Element: (C, y/k, F_C(y/k))  The search key: address prefixes  Data Structure: balanced 2-3 trees, with leaves sorted based on the search key [Figure labels: User, Directory, Dictionary, Query, Yes/No + Proof, Attestations]

28 Authenticated Delegation Dictionaries - 2 Prefix Tree rooted at x/j: A total order of the prefixes: x/j < x  y/(j+k) < z/j The smallest element: x/j The largest element: x  1 l-j / l x/j x  0/(j+1)x  1/(j+1) x  0  0/(j+2)x  0  1/(j+2)x  1  0/(j+2)x  1  1/(j+2)

29 Authenticated Delegation Dictionaries - 3 ADD for C: The delegation attestation for (C, x_2/j_2, B):  The signed root: {k0  H(L_123, R_45)}_C  The value of the children of the nodes of the path: k3  H(L_4, R_5), (C, x_1/j_1, A), (C, x_3/j_3, D)  The search tree path [Figure: 2-3 search tree with root k0  H(L_123, R_45), internal nodes k1  k2  H(L_1, M_2, R_3) and k3  H(L_4, R_5), and leaves (C, x_1/j_1, A), (C, x_2/j_2, B), (C, x_3/j_3, D), (C, x_4/j_4, E), (C, x_5/j_5, F)]

30 Approximating IP Address Delegation Goal:  To understand how and by whom delegation occurs Sources: IANA and BGP announcements What do we learn?  Dense (16 orgs delegate 80% address space)  Stable (10-30% movement in 5 months)

31 Approximation Example

32 Delegation in the Approximate Delegation Graph The overwhelming majority of delegations are being performed by a relatively few ASes/organizations

33 Trace-Based Simulation The OAsim simulator:  Models the operation of a single BGP speaker  Accepts timed BGP UPDATE streams  Computes bandwidth/computational costs  Implements four service designs Dataset:  Obtained from RouteViews  A trace of BGP updates over a 24 hour period

34 Computational Costs

35 Bandwidth Costs

36 Conclusions OA is important in inter-domain routing  Trace and validate the delegation of address usage Formalization  Semantics of address ads & proofs of delegation Modeling  Current IPv4 address delegation is dense & static Performance Evaluation  Tree-based proof system has best computation / bandwidth trade-offs Online origin authentication is now in the realm of possibility

37 Questions? Comments?