BGPSEC : A BGP Extension to Support AS-Path Validation Matt Lepinski BBN Technologies.

Slides:

Advertisements

Similar presentations

A Threat Model for BGPSEC

Advertisements

A Threat Model for BGPSEC Steve Kent BBN Technologies.

RPKI Standards Activity Geoff Huston APNIC February 2010.

1 Robert Lychev Sharon GoldbergMichael Schapira Georgia Tech Boston University Hebrew University.

Overview of draft-ietf-sidr-roa-format-01.txt Matt Lepinski BBN Technologies.

Border Gateway Protocol Ankit Agarwal Dashang Trivedi Kirti Tiwari.

CS540/TE630 Computer Network Architecture Spring 2009 Tu/Th 10:30am-Noon Sue Moon.

Validation Algorithms for a Secure Internet Routing PKI David Montana Mark Reynolds BBN Technologies.

Review of draft-ietf-sidr-arch-01.txt Steve Kent BBN Technologies.

Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

Securing the Border Gateway Protocol Using S-BGP Dr. Stephen Kent Chief Scientist - Information Security APNIC Open Policy Meeting Routing.

Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

CS Summer 2003 Lecture 14. CS Summer 2003 MPLS VPN Architecture MPLS VPN is a collection of sites interconnected over MPLS core network. MPLS.

Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.

More on BGP Check out the links on politics: ICANN and net neutrality To read for next time Path selection big example Scaling of BGP.

Inter-domain Routing security Problems Solutions.

1 Securing BGP Large scale trust to build an Internet again Lutz Donnerhacke db089309: 1c1c 6311 ef09 d819 e029 65be bfb6 c9cb.

Computer Networks Layering and Routing Dina Katabi

APNIC eLearning: Intro to RPKI 10 December :30 PM AEST Brisbane (UTC+10)

Working Group 6: Secure BGP Deployment December 16, 2011 Andy Ogielski, Renesys Jennifer Rexford, Princeton U. WG 6 Co-Chairs.

Lecture 4: BGP Presentations Lab information H/W update.

Cryptography and Network Security (CS435) Part Fourteen (Web Security)

Jennifer Rexford Fall 2014 (TTh 3:00-4:20 in CS 105) COS 561: Advanced Computer Networks BGP.

Border Gateway Protocol

David Wetherall Professor of Computer Science & Engineering Introduction to Computer Networks Hierarchical Routing (§5.2.6)

Xuan Zheng (modified by M. Veeraraghavan) 1 BGP overview BGP operations BGP messages BGP decision algorithm BGP states.

Border Gateway Protocol (BGP) W.lilakiatsakun. BGP Basics (1) BGP is the protocol which is used to make core routing decisions on the Internet It involves.

Interdomain Routing Security. How Secure are BGP Security Protocols? Some strange assumptions? – Focused on attracting traffic from as many Ases as possible.

A Firewall for Routers: Protecting Against Routing Misbehavior1 June 26, A Firewall for Routers: Protecting Against Routing Misbehavior Jia Wang.

More on Internet Routing A large portion of this lecture material comes from BGP tutorial given by Philip Smith from Cisco (ftp://ftp- eng.cisco.com/pfs/seminars/APRICOT2004.

Draft-ietf-sidr-bgpsec-protocol Matt Lepinski

T. S. Eugene Ngeugeneng at cs.rice.edu Rice University1 COMP/ELEC 429/556 Introduction to Computer Networks Inter-domain routing Some slides used with.

Secure Origin BGP: What is (and isn't) in a name? Dan Wendlandt Princeton Routing Security Reading Group.

BGPSEC Router Key Roll-over draft-rogaglia-sidr-bgpsec-rollover-00 Roque Gagliano Keyur Patel Brian Weis.

Detecting Selective Dropping Attacks in BGP Mooi Chuah Kun Huang November 2006.

BGPSEC router key rollover as an alternative to beaconing Roque Gagliano Keyur Patel Brian Weis draft-ietf-sidr-bgpsec-rollover-01.

IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.

CSCI-1680 Network Layer: Inter-domain Routing Based partly on lecture notes by Rob Sherwood, David Mazières, Phil Levis, Rodrigo Fonseca John Jannotti.

1 APNIC Trial of Certification of IP Addresses and ASes RIPE October 2005 Geoff Huston.

Status Report SIDR and Origination Validation Geoff Huston SIDR WG, IETF 71 March 2008.

Overview of draft-ietf-sidr-roa-00.txt Steve Kent BBN Technologies.

© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Presentation_ID 1 BGP Prefix Origin Validation State Extended Community draft-pmohapat-sidr-origin-validation-signaling-00.

1 Auto-Detecting Hijacked Prefixes? Routing SIG 7 Sep 2005 APNIC20, Hanoi, Vietnam Geoff Huston.

1 draft-sidr-bgpsec-protocol-05 Open Issues. 2 Overview I received many helpful reviews: Thanks Rob, Sandy, Sean, Randy, and Wes Most issues are minor.

Wed 24 Mar 2010SIDR IETF 77 Anaheim, CA1 SIDR Working Group IETF 77 Anaheim, CA Wednesday, Mar 24, 2010.

RPKI implementation experiences in the LAC Region Carlos M. Martínez – Arturo Servín LACSEC 2012 – LACNIC XVIII.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—5-1 Customer-to-Provider Connectivity with BGP Connecting a Multihomed Customer to a Single Service.

Currently Open Issues in the MIPv6 Base RFC MIPv6 security design team.

1 Border Gateway Protocol (BGP) and BGP Security Jeff Gribschaw Sai Thwin ECE 4112 Final Project April 28, 2005.

Draft-ietf-sidr-roa-format draft-ietf-sidr-arch Matt Lepinski BBN Technologies.

BGP L3VPN origin validation (draft-ymbk-l3vpn-origination-02) November 2012.

intra-va-01.txt -01 Draft of: “FIB Suppression with Virtual Aggregation and Default Routes” Paul.

BGP Validation Russ White Rule11.us.

AS Numbers - Again Geoff Huston APNIC October 2009

Fri 2 Aug 2013SIDR IETF 87 Berlin, German1 BGPSEC Protcol Error Handling IETF 87 Berlin, Germany Wednesday, 31 Jul 2013 Friday, 2 Aug 2013.

BGPSEC Protocol (From -01 to -02 and on to -03) Matt Lepinski.

Auto-Detecting Hijacked Prefixes?

IETF 81 Quebec, QC, Canada Thursday, 28 July, 2011

Goals of soBGP Verify the origin of advertisements

BGP supplement Abhigyan Sharma.

BGPSEC Potential Optimizations for AS-PATH Prepending and Transparent Route Servers. sidr wg / Québec City Doug Montgomery

Are We There Yet? On RPKI Deployment and Security

Geoff Huston APNIC August 2009

APNIC Trial of Certification of IP Addresses and ASes

BGP Multiple Origin AS (MOAS) Conflict Analysis

Presentation transcript:

BGPSEC : A BGP Extension to Support AS-Path Validation Matt Lepinski BBN Technologies

What is BGPSEC? Proposal for securing the AS-PATH attribute Extension to BGP that is negotiated as a new capability (RFC 5492) An optional path attribute that contains a list of cryptographic signatures that protect the AS-PATH 2

Goals and Non-Goals Goal: To ensure the integrity of the NRLI and AS-PATH attribute in a BGP Update Example: an update X.Y/16 with AS-PATH: AS 1, AS 2, AS 3 Upon Receipt of this update, AS 4 is assured that – AS 1 originated a route for X.Y/16 and sent it to AS 2 – AS 2 received this route from AS 1 and sent it to AS 3 – AS 3 received this route from AS 2 and sent it to AS 4 Non-Goal : Anything having to do with the data path! 3

The -00 drafts Please read: – draft-lepinski-bgpsec-overview-00 – draft-lepinski-bgpsec-protocol-00 A first cut at specifying an incrementally deployable BGP extension for securing the AS-Path – Focus: simple, understandable protocol with correct semantics – No attempts whatsoever were made to optimize computation time, storage space, network traffic, etc For List Discussion: Do these documents describe an approach that the SIDR WG wants to pursue? 4

Negotiating BGPSEC BGPSEC only between consenting routers BGPSEC capability contains – Send bit == “I am willing to send the BGPSEC attribute” – Receive bit == “I am willing to receive the attribute” – AFI : IPv4 and IPv6 negotiated separately Adding signatures can make update messages big – In order to receive BGPSEC you probably need to support updates larger than 4096 bytes – See: draft-ymbk-bgp-extended-messages Note: Permit negotiation of simplex BGPSEC because sending is much easier than receiving 5

Signing at Provider Boundaries Protects only interdomain routing, not iBGP Signatures are added when a route announcement leaves an AS However, iBGP needs to carry BGPSEC signatures 6 AS 2 AS 0 AS 1 eBGP iBGP Signature added

End-Entity Certificates for Routers Extend the RPKI to include new end-entity certs – Issued under the CA certificate for an AS – Private keys held by the AS’s edge routers – Can do one key per router, or share common keys /24 AS 123, AS 456 Public Key ISP CA AS 123 Public Key AS Cert CA AS3130 rtr-00 Router EE Cert Public Key AS3130 rtr-00 Router EE Cert Public Key AS3130 rtr-00 Router EE Cert Public Key AS3130 rtr-00 Router EE Cert Public Key AS 123 rtr-00 Router EE Cert Public Key

BGPSEC and the RPKI To send BGPSEC, a router needs only its private key To validate BGPSEC, a router needs – (SKI, Public Key, AS) triples from valid certs – Origin validation data 8 RPKI Repository Validating Cache Edge Router

What Data is Signed (1/2) The Signature of AS 0 includes the AS number of the peer to whom the update is being sent The SKI is used by the recipient to look-up the public key needed to verify the signature 9 Hash Signed (Te) by Router Key AS0-Rtr-xx NLRIAS0 Signed Forward Reference SKI 0AS1Sig0 New Optional Path Attribute Time

What Data is Signed (2/2) The signature of AS 1 covers the signature of AS 0 plus new fields added by AS 1 When AS 2 receives the update message it contains signatures from both AS 1 and AS 0 10 AS1AS2SKI 1 Signed Forward Reference SKI 0NLRIAS0AS1Sig0 Hash Signed (Te) by Router Key AS0.Rtr-xxz Sig1 Hash Signed by Router Key AS1-Rtr-yy New Optional Path Attribute New Path Transitive Attribute

To see such signatures are useful … 11 … recall the threats presentation

Kapela/Pilosov Attack (1/2) AS 120 AS 121 AS 122 AS 123 AS 125 AS /16: (120)129.7/16: (123, 120) 129.7/16: (121, 120) 129.7/16: (120) 129.7/16: (122, 123, 120) 129.7/16: (124, 122, 123, 120) AS 125 wants to be a MITM for traffic to 129.7/16

Kapela/Pilosov Attack (2/2) AS 120 AS 121 AS 122 AS 123 AS 125 AS /16: (120) 129.7/17: (124, 125, 123, 120) 129.7/17: (125, 123, 120) AS 125 forwards hijacked traffic to AS 120 via this path 129.7/16: (123, 120) 129.7/17: (122, 124, 125, 123, 120)

Note on Signing the NLRI The signature of the origin AS covers the NLRI in the update Therefore, changing the NLRI breaks the signature This is important so an adversary does not change a received prefix (e.g., lengthen it) BGPSEC does not currently support multiple prefixes in the NLRI of a single update – To avoid problems if a later AS only advertised one of a set of received prefixes Possible area to explore future optimizations 14

But changing the NLRI is not the only way to attract traffic … 15

Dropping an AS AS 120 AS 121 AS 122 AS 123 AS 125 AS 124 AS 120 has a ROA for 129.7/ /16: (120)129.7/16: (123, 120) 129.7/16: (121, 120) 129.7/16: (120) 129.7/16: (123, 120) 129.7/16: (122, 120) 129.7/16: (124, 122, 120) AS 122 drops an AS to make its path appear shorter, to attract 129.7/16 traffic from AS 124 AS 122 wants to be a MITM for traffic to 129.7/16

Time What Data is Signed 17 AS1AS2SKI 1 Signed Forward Reference SKI 0NLRIAS0AS1Sig0 Hash Signed (Te) by Router Key AS0.Rtr-xxz Sig1 Hash Signed by Router Key AS1-Rtr-yy New Optional Path Attribute New Path Transitive Attribute

BGPSEC_Path_Signatures Attribute Note: Red block of signatures is optional and is used only to facilitate algorithm transition Expire Time? … let’s recall the threats presentation … 18 Expire Time Algorithm ID Signature of Origin AS SKI of Origin AS Signature of 2nd AS SKI of 2nd AS Signature of 2rd AS SKI of 3rd AS Algorithm ID Signature of Origin AS SKI of Origin AS Signature of 2nd AS SKI of 2nd AS Signature of 2rd AS SKI of 3rd AS

Hijack via Update Replay (1/2) AS 120 AS 121 AS 122 AS 123 AS 125 AS 124 AS 120 has a ROA for 129.7/ /16: (120)129.7/16: (123, 120) 129.7/16: (121, 120) 129.7/16: (120) 129.7/16: (123, 120) 129.7/16: (122, 123, 120) 129.7/16: (124, 122, 123, 120)

Hijack via Update Replay (2/2) AS 120 AS 121 AS 122 AS 123 AS 125 AS 124 AS 120 has a ROA for 129.7/ /16: (120)129.7/16: (123, 120) 129.7/16: (120) 129.7/16: (122, 123, 120) AS 122 no longer has a path to 120, but it can replay an old update

Expire Time and Beaconing Origin of a route announcement selects the Expire Time Expire Time limits the window of vulnerability to replay attacks New prefix announcement needs to be made well before the Expire Time is reached, AKA beaconing Natural trade-off: – Short expire time means stronger replay protection – Longer expire time means less BGP traffic 21

BGPSEC Validation Recipient validates as follows: – Check the expire time – Perform origin validation – Fetch public keys and verify the AS in AS-PATH matches the AS from the router end-entity certificate – Verify the signatures <=== Crypto Validation need only be done upon receiving a signed update from external peer What you do with the validation state is completely up to your local policy!! 22

Final Notes Incrementally deployable – An AS can use BGPSEC for only some prefixes or only at certain edge routers Protects only the AS-PATH attribute and the NLRI – Consistent with the current SIDR charter – Consistent with our current understanding of threats and desired BGP semantics Cryptographic algorithm agility – Specification outlines a procedure for changing algorithms – As with the RPKI, algorithm transitions are expensive and global 23

Co-Authors Rob Austein, ISC Steven Bellovin, Columbia Univ Rany Bush, IIJ Russ Housley, Vigilsec Stephen Kent, BBN Warren Kumari, Google Doug Montgomery, NIST Kotikalapudi Sriram, NIST Samuel Weiler, Sparta 24

Valuable Review and Contribution Luke Berndt Sharon Goldberg Ed Kern Chris Marrow Doug Maughan Pradosh Mohapatra Russ Mundy Sandy Murphy 25 Keyur Patel Mark Reynolds Heather Schiller Jason Schiller John Scudder David Ward Ruediger Volk Your Name Here!