Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing the Border Gateway Protocol Using S-BGP Dr. Stephen Kent Chief Scientist - Information Security APNIC Open Policy Meeting Routing.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Securing the Border Gateway Protocol Using S-BGP Dr. Stephen Kent Chief Scientist - Information Security APNIC Open Policy Meeting Routing."— Presentation transcript:

1 Securing the Border Gateway Protocol Using S-BGP Dr. Stephen Kent Chief Scientist - Information Security kent@bbn.com APNIC Open Policy Meeting Routing SIG Kyoto, Japan

2 2 Background  I assume this audience knows l How BGP works l Why security for BGP is a concern l What are critical BGP security requirements l Why “trust” is not the preferred basis for determining claims about prefix holders, origination, and routes l The need for incremental deployment capabilities for proposed solutions l …  This presentation will focus on just one proposed solution: S-BGP

3 3 Secure BGP (S-BGP)  S-BGP is an architectural solution to the BGP security problems described earlier  S-BGP represents an extension of BGP l It uses a standard BGP facility to carry additional data about paths in UPDATE messages l It adds an additional set of checks to the BGP route selection algorithm  S-BGP avoids the pitfalls of transitive trust that are common in today’s routing infrastructure  S-BGP mechanisms exhibit the same dynamics as BGP, and they scale commensurately with BGP

4 4 S-BGP Design Overview  S-BGP makes use of: l IPsec to secure point-to-point communication of BGP control traffic l Public Key Infrastructure to provide an authorization framework representing prefix holders and owners of AS #’s l Attestations (digitally-signed data) to represent authorization information  S-BGP requires routers to: l Generate an attestation when generating an UPDATE for another S-BGP router l Validate attestations associated with each UPDATE received from another S-BGP router

5 5 IPsec for S-BGP  S-BGP uses IPsec to protect all BGP traffic between neighbor routers  As used here, IPsec provides cryptographically enforced data authentication, data integrity, and anti-replay features  IPsec represents a significant improvement over the MD5 TCP checksum option used in some contexts today l Automated key management l More comprehensive security guarantees l Better, standards-based cryptographic protection

6 6 Subscriber Organization Regional Registry ISP IANA Subscriber Organization Prefix Allocation Subscriber Organization ISP IANA (historical) National Registry Local Registry ISP Subscriber Organization

7 7 Subscriber Organizations Regional Registries ISPs IANA AS # Allocation Hierarchy

8 8 A PKI for S-BGP  Public Key (X.509) certificates are issued to ISPs and subscribers to identify AS # owners and prefix holders, using RFC 3779 syntax  Prefixes and public keys in certificates are used to verify authorization of address attestations  Address attestations, AS #’s and public keys from certificates are used as inputs to verification of UPDATE messages  The PKI does NOT rely on any new organizations that require trust; it just makes explicit and codifies the relationships among regional, national and local registries, ISPs, and subscribers

9 9 S-BGP PKI Characteristics  S-BGP certificates do not identify ISPs per se  Most of these certificates bind AS #’s and prefixes to public keys, not to meaningful IDs (avoids name problems re mergers, bankruptcy, …)  Each RIR (NIR/LIR) acts as a CA to issues certificates that allocate prefixes and AS #’s  Each ISP acts as a CA to issue certificates to each entity to which it assigns prefixes, but only if the entity executes S-BGP  ISPs also issue certificates to their S-BGP routers, and operations personnel who interact with the S- BGP repositories

10 10 Two Types of Attestations  An Address Attestation (AA) is issued by the “owner” of one or more prefixes (a subscriber or an ISP), to identify the first (origin) AS authorized to advertise the prefixes  A Route Attestation (RA) is issued by a router on behalf of an AS (ISP), to authorize neighbor ASes to use the route in the UPDATE containing the RA  These data structures share the same basic format

11 11 Simplified Attestation Formats Algorithm ID & Sig Value Signed Info Certificate Issuer ID Attestation Type Route Attestation (Prefix 1, … Prefix n ) AS n, AS n-1, … As 2, Origin AS Address Attestation (Prefix 1, … Prefix n ) Origin AS

12 12 Processing an S-BGP UPDATE  When an S-BGP router generates an UPDATE for a recipient neighbor that implements S-BGP, it generates a new RA that encompasses the path and prefixes plus the AS # of the neighbor AS  When an S-BGP router receives an UPDATE from an S-BGP neighbor, it: l Verifies that its AS # is in the first RA l Validates the signature on each RA in the UPDATE, verifying that the signer represents the AS # in the path l Checks the corresponding AA to verify that the origin AS was authorized to advertise the prefix by the prefix holder

13 13 Housekeeping for S-BGP  Every S-BGP router needs access to all the certificates, CRLs, and address attestations so that it can verify any RA  These data items don’t belong in UPDATE messages  S-BGP uses replicated, loosely synchronized repositories to make this data available to ISPs and organizations  The repository data is downloaded by ISP/organization Network Operation Centers (NOCs) for processing l Each NOC validates retrieved certificates, CRLs, & AAs, then downloads an extracted file with the necessary data to routers l Avoids need for routers to perform this computationally intensive processing l Permits a NOC to override problems that might arise in distributing certificates and AAs, but without affecting other ISPs

14 14 S-BGP PKI Repositories  ISPs & organizations upload their own new data, download full database, on a daily basis  Repositories use the PKI to enforce access controls to counter DoS attacks l Access granted only to S-BGP users and other repositories l An ISP or organization is constrained to prevent overwriting data of another ISP or organization  Major ISPs could operate repositories for themselves & their subscribers  Internet exchanges or registries could operate repositories for other ISPs & subscribers  Note that repositories need not be highly available, e.g., they are NOT accessed in real time by routers

15 15 S-BGP System Interaction Example Repository S-BGP router S-BGP router upload self download everything ISP NOC upload self download everything exchange uploads push extract push extract S-BGP router S-BGP router UPDATEs Registry Get ISP certificate Get ISP certificate S-BGP router UPDATEs

16 16 Residual Vulnerabilities  S-BGP cannot ensure that a router withdraws a route when the only path (known to the router) for the route is withdrawn by a neighbor  S-BGP does not ensure timeliness of UDATEs, except to the extent that RAs time out l This means that a router could retransmit an UPDATE after it withdrew a route, without having been authorized to re-advertise the route

17 17 What Exists Today?  S-BGP code l Implemented on MRT code base l Includes basic policy controls for incremental deployment  NOC Tools l Mini-registration authority for certificate requests l AA generation l Repository upload/download tools l Certificate, CRL & AA validation & extract file generation  Repository l PKI-based access controls for access & uploads l Primitive management capabilities, no synchronization  CA for S-BGP PKI l A high assurance CA on an SELinux base processes X.509 certificate requests with S-BGP private extensions

18 18 Summary  S-BGP addresses the architectural security problems of BGP and supports verification of route changes in realtime  The impact on daily Registry & ISP operations is minimal, although training will be needed  The S-BGP PKI leverages existing authorization relationships and creates no new ones  Routers may require hardware upgrades, for crypto, even if not for memory  The security model embodies the principle of least privilege, providing containment in the face of compromise

19 Questions? http://www.ir.bbn.com/projects/s-bgp

20 Additional Slides

21 21 Deploying S-BGP  Router software must implement S-BGP  Router hardware must have appropriate storage & digital signature processing capabilities  Registries must assume CA responsibilities for address prefixes and AS # allocation  ISPs and subscribers that execute BGP must upgrade routers, must act as CAs, and must interact with repositories to exchange PKI & AA data

22 22 Router Memory & Performance  Routers need enough memory to hold route attestations in Adj-RIBs and Loc-RIB, plus storage for address attestation and processed certificates  Signature generation and validation pose a modest burden in a steady state context, well within the capabilities of CPUs used for router management  But, to accommodate surge volume during attacks, and to better protect router keys, use of a crypto accelerator is preferable  RA validation heuristics, e.g., deferred UPDATE validation, can reduce the crypto processing burden

23 23 Deferred UPDATE Validation  If validating every UPDATE poses too great a processing burden on a router, it can defer processing most UPDATEs  Only if an UPDATE would result in a new Loc-RIB entry is it necessary to validate it  Thus, a router with many peers, one that would receive the most UPDATEs, can defer validation for the vast majority of these messages  Also, if a router filters inbound UPDATEs using local policy info, it may ignore many UPDATEs anyway!  If validation is deferred, the router should at least check to verify that the RAs were current when the UPDATE was received

24 24

Download ppt "Securing the Border Gateway Protocol Using S-BGP Dr. Stephen Kent Chief Scientist - Information Security APNIC Open Policy Meeting Routing."

Similar presentations

A Threat Model for BGPSEC

A Threat Model for BGPSEC
A Threat Model for BGPSEC Steve Kent BBN Technologies.

A Threat Model for BGPSEC Steve Kent BBN Technologies.
1 APNIC Resource Certification Service Project Routing SIG 7 Sep 2005 APNIC20, Hanoi, Vietnam George Michaelson.

1 APNIC Resource Certification Service Project Routing SIG 7 Sep 2005 APNIC20, Hanoi, Vietnam George Michaelson.
Local TA Management A TA is a public key and associated data used as the starting point for certificate path validation It need not be a self-signed certificate.

Local TA Management A TA is a public key and associated data used as the starting point for certificate path validation It need not be a self-signed certificate.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
RPKI and Routing Security ICANN 44 June 2012. Today’s Routing Environment is Insecure Routing is built on mutual trust models Routing auditing requires.

RPKI and Routing Security ICANN 44 June Today’s Routing Environment is Insecure Routing is built on mutual trust models Routing auditing requires.
An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.

An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.
BGP Security APNIC Open Policy Meeting Routing SIG 23 February 2005 Kyoto, Japan Russ Housley

BGP Security APNIC Open Policy Meeting Routing SIG 23 February 2005 Kyoto, Japan Russ Housley
Validation Algorithms for a Secure Internet Routing PKI David Montana Mark Reynolds BBN Technologies.

Validation Algorithms for a Secure Internet Routing PKI David Montana Mark Reynolds BBN Technologies.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Review of draft-ietf-sidr-arch-01.txt Steve Kent BBN Technologies.

Review of draft-ietf-sidr-arch-01.txt Steve Kent BBN Technologies.
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.

Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.
1 Towards Secure Interdomain Routing For Dr. Aggarwal 60-592 Win 2004.

1 Towards Secure Interdomain Routing For Dr. Aggarwal Win 2004.
Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.

Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.

Similar presentations

Ads by Google