Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Origin Authentication in Interdomain Routing Security Reading Group September 3, 2004 William Aiello, John Ioannidis, and Patrick McDaniel Proceedings.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Origin Authentication in Interdomain Routing Security Reading Group September 3, 2004 William Aiello, John Ioannidis, and Patrick McDaniel Proceedings."— Presentation transcript:

1 1 Origin Authentication in Interdomain Routing Security Reading Group September 3, 2004 William Aiello, John Ioannidis, and Patrick McDaniel Proceedings of 10th ACM Conference on Computer and Communications Security (CCS'03) Presenter: Jonathan McCune Some slides borrowed from L. Gao, P. McDaniel

2 2 Interdomain Routing Security Issues We don ’ t authenticate ASes  How can we tell Sprint from somebody who claims to be Sprint? We don ’ t authenticate paths  How do we know a malicious party is not changing the route our traffic takes? We don ’ t authenticate addresses  How do we know that an enterprise uses only those addresses is has the right to? Origin Authentication: validation of an AS ’ s claim of address ownership

3 3 Overview Background Formalization  Semantics of address delegation  Origin authentication proof systems Modeling  Address delegation graph Evaluating resource costs  Feasibility of an online Origin Authentication system

4 4 Interdomain Routing The Internet consists of many routing domains:  Routing inside a domain is determined by an intradomain routing protocol (e.g., OSPF)  Routing between domains is governed by an interdomain routing protocol (e.g., BGP)  Intradomain and interdomain routing decisions are largely made independently Reasons:  Scale  Administrative autonomy

5 5 BGP (Border Gateway Protocol) BGP:  The interdomain routing protocol used on the Internet  Routing domains are called Autonomous Systems (ASes), e.g. AT&T. ASes:  Announce the prefixes that they own (IP address ranges, e.g. 12.1.1.0/24) to their neighboring ASes.  Exchange prefix announcements with all one- hop neighbors

6 6 Intra-AS and Inter-AS Routing: Example Source: Computer Networking: A Top-Down Approach Featuring the Internet The route from A.d to B.b: intra-AS and inter-AS path segments.

7 7 Origin Authentication Goal:  Provide evidence (cryptographically strong authentication tags) of the relations between organizations, ASes, and prefixes. Evidence Validated Address Advertisements Address Advertisements BGP Speakers

8 8 Address Delegation Registries – ISPs – Customers The IPv4 address space is governed by IANA IANA delegates parts of the global address space to organizations Each organization may further  Delegate some or all of the received address space to any organization it desires  Assign its address space to the AS in which the addresses reside Logistical nightmare: how space was retrieved, by whom, and when is not well documented

9 9 Address Delegation: Example AT&T delegates 12.1.1.0/24 to ALPHA AT&T assigns 12.0.0.0/8 to AS7018 Longest prefix matching for 12.1.1.0/24 Address announcements: ASes advertise the set of prefixes that they originate (prefix, ASN)

10 10 Definition: Organization ASN = { 1, 2, …, K }, where currently K = 2 16  E.g. AS7018, AS29987 S = { all BGP speaking organizations }  E.g. AT&T, ARIN, ALPHA, BETA ASN(C) = { AS # currently assigned to C }  E.g. for C = ALPHA, ASN(C) = { AS29987 } O = S  { IANA }  { other prefix registries }

11 11 Definition: Prefixes IPA = { 0, 1 } l, where l = 32/64 for IPv4/IPv6 Address Prefixes: x/j  x is a j bit number, and j  [ 0, l ], e.g. 128/8  x/j = { x  y | y is a ( l-j ) bit number }  IPA =  /0 x/j x  0/(j+1) x  1/(j+1) Disjoint Union Superset Subprefix and superprefix

12 12 Prefix Tree of IPA  /0 0/11/1 0  0/20  1/21  0/21  1/2 1  1/320  0/32

13 13 Delegation Semantics An organization C in O delegates/assigns y/k by (C, y/k, x) Where:  x = C ’ in O (organization delegation) or  x = n in ASN (AS assignment) or  x = R (RESERVED) or  x = (UNAUTHENTICATED) P (C) = delegations made by C in O

14 14 Definition: delegation policy For a given prefix y/k and an organization C:  (C, y/k, n): C assigns y/k to an ASN n  (C, y/k, C ’ ): C delegates y/k to C ’  (C, y/k, R): C declares y/k as RESERVED  (C, y/k, U): C ’ s delegation or assignment of y/k is UNAUTHENTICATED C may perform zero, one, or more of the above options The set of triples is C ’ s delegation policy for y/k

15 15 Delegation Graphs A directed graph G = (V, E)  V=O  ASN  R  U    E={(x, y/k, z)} Example:  V = { IANA, AT&T, … }  E = {(IANA,12.0.0.0/8,AT&T), … } Definition:  Ownership Source  Assignment Edge  ASN-respecting

16 16 Valid & Faithful A directed path is valid for y/k if:  The ownership source is IANA  The path is monotonic (with respect to subprefix)  The path is acyclic  The assignment edge is labeled y/k and is ASN-respecting C ’ s delegation policy is faithful for y/k if there is at most one triple in the form:  (C, y/k, n)  (C, x/j, C ’ ), (C, x/j, U), or (C, x/j, R), where x/j is a superprefix of y/k

17 17 Verification of Origin Announcements OAs are verified by Origin Authentication Tags (OATs):  A delegation path  A set of delegation attestations o one for each edge in the path  An ASN Ownership Proof Assumption: certificate infrastructure (PKI) Attestations are proofs of edges in the graph

18 18 Delegation Schemes 1. Simple Delegation Attestation (SDA) 2. Authenticated Delegation List (ADL) 3. AS Authenticated Delegation List (AS ADL) 4. Authenticated Delegation Tree (ADT)

19 19 Simple Delegation Attestation A signature by C for a prefix x/j:  { ( C, x/j, F C (x/j) ) } C  A signed statement (by C ’ s key) binding the prefix (x/j) to an organization identifier (F C (x/j)) The simple delegation attestation for D(C): { ( C, x 1 /j 1, F C (x 1 /j 1 ) ) } C, { ( C, x 2 /j 2, F C (x 2 /j 2 ) ) } C, …, { ( C, x s /j s, F C (x s /j s ) ) } C

20 20 SDA: An Example The delegation path for 12.1.1.0/24 is: (IANA, AT&T, ALPHA, AS29987) The delegation attestation for the path are: [(IANA, 12.0.0.0/8, AT&T)] IANA, [(AT&T, 12.1.1.0/24, ALPHA)] AT&T, [(ALPHA, 12.1.1.0/24, AS29987)] ALPHA

21 21 Authenticated Delegation List C creates a single list of all of its delegations and sign that list [ { ( C, x 1 /j 1, F C (x 1 /j 1 ) ) }, { ( C, x 2 /j 2, F C (x 2 /j 2 ) ) }, …, { ( C, x s /j s, F C (x s /j s ) ) } ] C If C delegates x i /j i to B  C signs all of the delegations it makes to everyone.  B advertises x i /j i and provides this attestation

22 22 ADL: An Example The delegation path for 12.1.1.0/24 is: (IANA, AT&T, ALPHA, AS29987) The delegation attestations for the path are: [(IANA, 12.0.0.0/8, AT&T), (IANA, 64.0.0.0/8, ARIN)] IANA, [(AT&T, 12.1.1.0/24, ALPHA), (AT&T, 64.1.0.0/16, AS7018), (AT&T, 12.0.0.0/8, AS7018)] AT&T, [(ALPHA, 12.1.1.0/24, AS29987)] ALPHA

23 23 AS Authenticated Delegation List C breaks up the entire list into several lists and signs each of the smaller lists. The list is split according to those prefixes:  delegated to the same organization or  assigned to the same AS number If C delegates x i /j i to B  C signs all of the delegations it makes to B.  B advertises x i /j i and provides this attestation

24 24 AS ADL: An Example The delegation path for 12.0.0.0/8 is: (IANA, AT&T, AS7018) The delegation attestation for the path are: [(IANA, 12.0.0.0/8, AT&T)] IANA, [(AT&T, 64.1.0.0/16, AS7018), (AT&T, 12.0.0.0/8, AS7018)] AT&T

25 25 Authenticated Delegation Tree C creates a Merkle hash tree:  The values of the leaves: ( C, x/j, F C (x/j) )  The values of each internal node: H(L, R) If C delegates x i /j i to B  C only signs the root [h 0 ] C  C provides the value of the children of all of the nodes on the path in the Merkel tree from the root to (C, x i /j i, B)  B advertises x i /j i and provides this attestation

26 26 ADT: An Example The delegation attestation for (C, x 2 /j 2, B): {H(L 12, R 34 )} C, H(L 3, R 4 ), (C, x 1 /j 1, A) H(L 12, R 34 ) H(L 1, R 2 )H(L 3, R 4 ) (C, x 1 /j 1, A)(C, x 2 /j 2, B)(C, x 3 /j 3, D)(C, x 4 /j 4, E)

27 27 Authenticated Delegation Dictionaries - 1 The model for an authenticated dictionary An Authenticated Dictionary for C:  Element: (C, y/k, F C (y/k))  The search key: address prefixes  Data Structure: balanced 2-3 trees, with leaves sorted based on the search key User Directory Dictionary Query Yes/No + Proof Attestations

28 28 Authenticated Delegation Dictionaries - 2 Prefix Tree rooted at x/j: A total order of the prefixes: x/j < x  y/(j+k) < z/j The smallest element: x/j The largest element: x  1 l-j / l x/j x  0/(j+1)x  1/(j+1) x  0  0/(j+2)x  0  1/(j+2)x  1  0/(j+2)x  1  1/(j+2)

29 29 Authenticated Delegation Dictionaries - 3 ADD for C: The delegation attestation for (C, x 2 /j 2, B):  The signed root: {k0  H(L 123, R 45 )} C  The value of the children of the nodes of the path: k3  H(L 4, R 5 ), (C, x 1 /j 1, A), (C, x 3 /j 3, D)  The search tree path k0  H(L 123,R 45 ) k1  k2  H(L 1,M 2,R 3 ) k3  H(L 4,R 5 ) (C, x 1 /j 1, A) (C, x 2 /j 2, B) (C, x 3 /j 3, D) (C, x 5 /j 5, F) ) (C, x 4 /j 4, E)

30 30 Approximating IP Address Delegation Goal:  To understand how and by whom delegation occurs Sources: IANA and BGP announcements What do we learn?  Dense (16 orgs delegate 80% address space)  Stable (10-30% movement in 5 months)

31 31 Approximation Example

32 32 Delegation in the Approximate Delegation Graph The overwhelming majority of delegations are being performed by a relatively few ASes/organizations

33 33 Trace-Based Simulation The OAsim simulator:  Models the operation of a single BGP speaker  Accepts timed BGP UPDATE streams  Computes bandwidth/computational costs  Implements four service designs Dataset:  Obtained from RouteViews  A trace of BGP updates over a 24 hour period

34 34 Computational Costs

35 35 Bandwidth Costs

36 36 Conclusions OA is important in inter-domain routing  Trace and validate the delegation of address usage Formalization  Semantics of address ads & proofs of delegation Modeling  Current IPv4 address delegation is dense & static Performance Evaluation  Tree-based proof system has best computation / bandwidth trade-offs Online origin authentication is now in the realm of possibility

37 37 Questions ? Comments?

Download ppt "1 Origin Authentication in Interdomain Routing Security Reading Group September 3, 2004 William Aiello, John Ioannidis, and Patrick McDaniel Proceedings."

Similar presentations

Holding the Internet Accountable David Andersen, Hari Balakrishnan, Nick Feamster, Teemu Koponen, Daekyeong Moon, Scott Shenker.

Holding the Internet Accountable David Andersen, Hari Balakrishnan, Nick Feamster, Teemu Koponen, Daekyeong Moon, Scott Shenker.
A Quick and Dirty Guide to BGP attacks Or “How to 0wn the Backbone in your Spare Time”

A Quick and Dirty Guide to BGP attacks Or “How to 0wn the Backbone in your Spare Time”
An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.

An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.
124.09.2012 1 Lecture 5 - Routing On the Flat Labels M.Sc Ilya Nikolaevskiy Helsinki Institute for Information Technology (HIIT)

Lecture 5 - Routing On the Flat Labels M.Sc Ilya Nikolaevskiy Helsinki Institute for Information Technology (HIIT)
BGP.

BGP.
Network Layer: Internet-Wide Routing & BGP Dina Katabi & Sam Madden.

Network Layer: Internet-Wide Routing & BGP Dina Katabi & Sam Madden.
Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.

Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
1 Towards Secure Interdomain Routing For Dr. Aggarwal 60-592 Win 2004.

1 Towards Secure Interdomain Routing For Dr. Aggarwal Win 2004.
Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.

Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.
1 CCNA 3 v3.1 Module 1. 2 CCNA 3 Module 1 Introduction to Classless Routing.

1 CCNA 3 v3.1 Module 1. 2 CCNA 3 Module 1 Introduction to Classless Routing.
Mini Introduction to BGP Michalis Faloutsos. What Is BGP?  Border Gateway Protocol BGP-4  The de-facto interdomain routing protocol  BGP enables policy.

Mini Introduction to BGP Michalis Faloutsos. What Is BGP?  Border Gateway Protocol BGP-4  The de-facto interdomain routing protocol  BGP enables policy.
3/9/2004Presenter: Lan Gao1 Origin Authentication in Interdomain Routing William Aiello, John Ioannidis, and Patrick McDaniel Proceedings of 10th ACM Conference.

3/9/2004Presenter: Lan Gao1 Origin Authentication in Interdomain Routing William Aiello, John Ioannidis, and Patrick McDaniel Proceedings of 10th ACM Conference.
CCNA 2 v3.1 Module 6.

CCNA 2 v3.1 Module 6.
Routing and Routing Protocols

Routing and Routing Protocols
© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—6-1 Connecting an Enterprise Network to an ISP Network Considering the Advantages of Using BGP.

© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—6-1 Connecting an Enterprise Network to an ISP Network Considering the Advantages of Using BGP.
1 ECE453 – Introduction to Computer Networks Lecture 10 – Network Layer (Routing II)

1 ECE453 – Introduction to Computer Networks Lecture 10 – Network Layer (Routing II)
Computer Networks Layering and Routing Dina Katabi

Computer Networks Layering and Routing Dina Katabi
APNIC eLearning: Intro to RPKI 10 December 2014 12:30 PM AEST Brisbane (UTC+10)

APNIC eLearning: Intro to RPKI 10 December :30 PM AEST Brisbane (UTC+10)
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 4: Addressing in an Enterprise Network Introducing Routing and Switching in the.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 4: Addressing in an Enterprise Network Introducing Routing and Switching in the.

Similar presentations

Ads by Google