Presentation is loading. Please wait.

Presentation is loading. Please wait.

BGPSEC Router Key Roll-over draft-rogaglia-sidr-bgpsec-rollover-00 Roque Gagliano Keyur Patel Brian Weis.

Published byAlexandrina O’Brien’ Modified over 9 years ago

Similar presentations

Presentation on theme: "BGPSEC Router Key Roll-over draft-rogaglia-sidr-bgpsec-rollover-00 Roque Gagliano Keyur Patel Brian Weis."— Presentation transcript:

1 BGPSEC Router Key Roll-over draft-rogaglia-sidr-bgpsec-rollover-00 Roque Gagliano Keyur Patel Brian Weis

2 Goals of this draft Key rollover & certificate life-cycle management are necessary topics when developing a PKI – RFC 6489 describes a rollover method of RPKI CA keypairs & certificates – Rollover of EE certificates is not described, but it is a relatively simple matter of distributing a new EE certificate & ROA before the old one expires – However, router BGPSEC adds router keypairs/certificates, and their expiration affects BGP state. It’s important to carefully consider and document this process. This is the primary goal of this draft We then show that once this rollover method is available that it can be used as a replay mechanism for BGPSEC – Preventing replays of updates that do not meet current policy – Re-enforcing current policy 3/26/122IETF SIDR WG

3 Motivations for Router Keypair/Certificate Rollover Scheduled rollover due to AS security policy – E.g., periodic renewal of keypairs/certificates because of a certificate lifetime policy Changes in certificate fields – E.g., a subject name change Emergency rollover – E.g., due to a router’s private key compromise. – When all PE routers in the AS share a keypair/certificate, it is especially important to be prepared to rollover. 3/26/123IETF SIDR WG

4 Steps in the Rollover New Certificate Pre-publication – Rollover AS Generates new keypair (optional) and obtains a new certificate for the router(s) – If generated elsewhere, keypairs are positioned onto the router(s) Stage Period – Rollover AS makes the new certificate available to the RPKI global repository and it is propagated to RPKI Caches – Each global RPKI-Cache will add the new key to the routers that it manages Twilight – Rollover AS Routers begin using new keys to sign BGP Updates – They also must generate new BGP Updates for every BGP Updates signed by the old key (both origin and transit signatures) CRL Publication (optional) – If this is an Emergency Rollover, the Rollover AS distributes a CRL including the Serial Number of the old certificate RPKI-Router Protocol Withdrawal – Each global RPKI-Caches removes the old key from the routers that it manages – Routers withdraw any RIB entry that includes an attribute signed with that key 3/26/124IETF SIDR WG

5 3/26/12IETF SIDR WG5 New Certificate Pre-publication Twilight Rollover AS distributes new Certificate to RPKI Caches CRL Publication Rollover AS Distributes New Signed Updates Rollover AS Distributes new CRL to RPKI Caches RPKI-Router Protocol Withdrawal RPKI Caches remove old public key mapping from routers. Routers withdraw routes using old public key Old Keypair & Certificate fully retired Cache Update Timeframe BGP Update Propagation Timeframe Cache Update Timeframe BGP Update Propagation Timeframe Rollover Timeline (CRL Publication) Stage Rollover AS Creates new keypair/ Cert Generation Timeframe CRL Processed

6 Operational Requirements This process requires nothing different by operations staff over the initial key generation process – Generation of a keypair & distribution to all routers using that keypair (if shared) – Obtaining a certificate for the keypair & installing it on the local RPKI Cache – (Optional) Generating a new CRL & installing it on the local RPKI Cache Everything else happens naturally as a function of RPKI operations & router software 3/26/126IETF SIDR WG

7 Origin vs. Transit Signing A transit AS that also originates routes in BGP could benefit from using a unique keypair/certificate for Updates that it originates from Updates that it receives, signs and forwards (i.e., transits) – This method reduces the number of Updates that need to be originated and withdrawn if the Origin keypair/certificate needs to be replaced – It may also be possible to choose a longer certificate validity period for the keypair used to sign transit Updates 3/26/12IETF SIDR WG7

8 Rollover without a key change When a router certificate rollover happens due to policy (e.g., certificate expiration), it is advisable to issue a certificate with the same key – The scope of the rollover is thus restricted to the RPKI Caches – There’s no need for routers to issue new Updates or withdraw old Updates, because the router cache has not changed 3/26/12IETF SIDR WG8

9 Other reasons to use the rollover mechanism It is necessary to distribute new Updates and Withdrawals as part of the rollover process. – These are the same steps needed by any method that changes BGP (e.g., the Expire Time) – Can we use a BGPSEC rollover event as a BGPSEC replay protection method? 3/26/12IETF SIDR WG9

10 Replay Protection The requirements document says 4.3 Replay of BGP UPDATE messages need not be completely prevented, but a BGPsec design MUST provide a mechanism to control the window of exposure to replay attacks. The “window of exposure” is only open if something about the Update has changed (e.g., AS_PATH first hop) – Under normal circumstances, this is infrequent – When there is a change, a BGPSEC rollover is about 2 * Cache Update Period +1 * BGP Update Period. – Conservative setting of the Expire Time (currently specified in the BGPSEC protocol) may not react in a shorter period Note that the use of the Expire Time requires new Updates regardless of whether there is an open window 3/26/1210IETF SIDR WG

11 Conclusions It is both necessary and valuable to describe a careful process for BGPSEC router keypair/certificate rollover This process can also be used to ensure freshness in the routing system, without changing BGP semantics We believe this topic is suitable as a WG deliverable, and would like feedback regarding making this a WG document 3/26/1211IETF SIDR WG

12 Backup Slides 3/26/12IETF SIDR WG12

13 Rollover Timeline (Certificate Expiration) 3/26/12IETF SIDR WG13 New Certificate Pre-publication Twilight Rollover AS distributes new Certificate to RPKI Caches Rollover AS Distributes New Signed Updates RPKI-Router Protocol Withdrawal RPKI Caches remove old public key mapping from routers. Routers withdraw routes using old public key Old Keypair & Certificate fully retired Cache Update Timeframe BGP Update Propagation Timeframe Stage Rollover AS Creates new keypair/ Cert Generation Timeframe Expiration

14 Maintaining the replay window in the RPKI It is still possible to maintain a replay window in the RPKI by – Choosing a short certificate validation period – When there is no need to withdraw a router, re- issue the router certificate with the same public key, but change the key when necessary This can be thought of as “beaconing” within the RPKI, but without changing BGP state 3/26/1214IETF SIDR WG

Download ppt "BGPSEC Router Key Roll-over draft-rogaglia-sidr-bgpsec-rollover-00 Roque Gagliano Keyur Patel Brian Weis."

Similar presentations

A Threat Model for BGPSEC

A Threat Model for BGPSEC
A Threat Model for BGPSEC Steve Kent BBN Technologies.

A Threat Model for BGPSEC Steve Kent BBN Technologies.
RPKI Standards Activity Geoff Huston APNIC February 2010.

RPKI Standards Activity Geoff Huston APNIC February 2010.
A Profile for Trust Anchor Material for the Resource Certificate PKI Geoff Huston SIDR WG IETF 74.

A Profile for Trust Anchor Material for the Resource Certificate PKI Geoff Huston SIDR WG IETF 74.
BGP-SRx BGP - Secure Routing Extension BRITE BGP Security / RPKI Interoperability Test & Evaluation Doug Montgomery 1IETF 802/12/2014.

BGP-SRx BGP - Secure Routing Extension BRITE BGP Security / RPKI Interoperability Test & Evaluation Doug Montgomery 1IETF 802/12/2014.
RPKI Certificate Policy Status Update Stephen Kent.

RPKI Certificate Policy Status Update Stephen Kent.
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.
An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.

An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.
Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.

Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.
Validation Algorithms for a Secure Internet Routing PKI David Montana Mark Reynolds BBN Technologies.

Validation Algorithms for a Secure Internet Routing PKI David Montana Mark Reynolds BBN Technologies.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
RPKI Validation - Revisited draft-huston-rpki-validation-00.txt Geoff Huston George Michaelson APNIC.

RPKI Validation - Revisited draft-huston-rpki-validation-00.txt Geoff Huston George Michaelson APNIC.
Review of draft-ietf-sidr-arch-01.txt Steve Kent BBN Technologies.

Review of draft-ietf-sidr-arch-01.txt Steve Kent BBN Technologies.
Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct, 17 2012.

Identity Standards (Federal Bridge Certification Authority – Certificate Lifecycle) Oct,
SIDR WORKING GROUP IETF 80 PRAGUE draft-manderson-sidr-geo-00.

SIDR WORKING GROUP IETF 80 PRAGUE draft-manderson-sidr-geo-00.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.

Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.
DGC Paris 4.03.02 Community Authorization Service (CAS) and EDG Presentation by the Globus CAS team & Peter Kunszt, WP2.

DGC Paris Community Authorization Service (CAS) and EDG Presentation by the Globus CAS team & Peter Kunszt, WP2.
SMUCSE 5349/7349 Public-Key Infrastructure (PKI).

SMUCSE 5349/7349 Public-Key Infrastructure (PKI).

Similar presentations

Ads by Google