Presentation is loading. Please wait.

Presentation is loading. Please wait.

BGPSEC : A BGP Extension to Support AS-Path Validation Matt Lepinski BBN Technologies.

Published byAmbrose Harvey Modified over 9 years ago

Similar presentations

Presentation on theme: "BGPSEC : A BGP Extension to Support AS-Path Validation Matt Lepinski BBN Technologies."— Presentation transcript:

1 BGPSEC : A BGP Extension to Support AS-Path Validation Matt Lepinski BBN Technologies

2 What is BGPSEC? Proposal for securing the AS-PATH attribute Extension to BGP that is negotiated as a new capability (RFC 5492) An optional path attribute that contains a list of cryptographic signatures that protect the AS-PATH 2

3 Goals and Non-Goals Goal: To ensure the integrity of the NRLI and AS-PATH attribute in a BGP Update Example: an update X.Y/16 with AS-PATH: AS 1, AS 2, AS 3 Upon Receipt of this update, AS 4 is assured that – AS 1 originated a route for X.Y/16 and sent it to AS 2 – AS 2 received this route from AS 1 and sent it to AS 3 – AS 3 received this route from AS 2 and sent it to AS 4 Non-Goal : Anything having to do with the data path! 3

4 The -00 drafts Please read: – draft-lepinski-bgpsec-overview-00 – draft-lepinski-bgpsec-protocol-00 A first cut at specifying an incrementally deployable BGP extension for securing the AS-Path – Focus: simple, understandable protocol with correct semantics – No attempts whatsoever were made to optimize computation time, storage space, network traffic, etc For List Discussion: Do these documents describe an approach that the SIDR WG wants to pursue? 4

5 Negotiating BGPSEC BGPSEC only between consenting routers BGPSEC capability contains – Send bit == “I am willing to send the BGPSEC attribute” – Receive bit == “I am willing to receive the attribute” – AFI : IPv4 and IPv6 negotiated separately Adding signatures can make update messages big – In order to receive BGPSEC you probably need to support updates larger than 4096 bytes – See: draft-ymbk-bgp-extended-messages Note: Permit negotiation of simplex BGPSEC because sending is much easier than receiving 5

6 Signing at Provider Boundaries Protects only interdomain routing, not iBGP Signatures are added when a route announcement leaves an AS However, iBGP needs to carry BGPSEC signatures 6 AS 2 AS 0 AS 1 eBGP iBGP Signature added

7 End-Entity Certificates for Routers Extend the RPKI to include new end-entity certs – Issued under the CA certificate for an AS – Private keys held by the AS’s edge routers – Can do one key per router, or share common keys 7 192.0.2.0/24 AS 123, AS 456 Public Key ISP CA AS 123 Public Key AS Cert CA AS3130 rtr-00 Router EE Cert Public Key AS3130 rtr-00 Router EE Cert Public Key AS3130 rtr-00 Router EE Cert Public Key AS3130 rtr-00 Router EE Cert Public Key AS 123 rtr-00 Router EE Cert Public Key

8 BGPSEC and the RPKI To send BGPSEC, a router needs only its private key To validate BGPSEC, a router needs – (SKI, Public Key, AS) triples from valid certs – Origin validation data 8 RPKI Repository Validating Cache Edge Router

9 What Data is Signed (1/2) The Signature of AS 0 includes the AS number of the peer to whom the update is being sent The SKI is used by the recipient to look-up the public key needed to verify the signature 9 Hash Signed (Te) by Router Key AS0-Rtr-xx NLRIAS0 Signed Forward Reference SKI 0AS1Sig0 New Optional Path Attribute Time

10 What Data is Signed (2/2) The signature of AS 1 covers the signature of AS 0 plus new fields added by AS 1 When AS 2 receives the update message it contains signatures from both AS 1 and AS 0 10 AS1AS2SKI 1 Signed Forward Reference SKI 0NLRIAS0AS1Sig0 Hash Signed (Te) by Router Key AS0.Rtr-xxz Sig1 Hash Signed by Router Key AS1-Rtr-yy New Optional Path Attribute New Path Transitive Attribute

11 To see such signatures are useful … 11 … recall the threats presentation

12 Kapela/Pilosov Attack (1/2) AS 120 AS 121 AS 122 AS 123 AS 125 AS 124 129.7/16: (120)129.7/16: (123, 120) 129.7/16: (121, 120) 129.7/16: (120) 129.7/16: (122, 123, 120) 129.7/16: (124, 122, 123, 120) AS 125 wants to be a MITM for traffic to 129.7/16

13 Kapela/Pilosov Attack (2/2) AS 120 AS 121 AS 122 AS 123 AS 125 AS 124 129.7/16: (120) 129.7/17: (124, 125, 123, 120) 129.7/17: (125, 123, 120) AS 125 forwards hijacked traffic to AS 120 via this path 129.7/16: (123, 120) 129.7/17: (122, 124, 125, 123, 120)

14 Note on Signing the NLRI The signature of the origin AS covers the NLRI in the update Therefore, changing the NLRI breaks the signature This is important so an adversary does not change a received prefix (e.g., lengthen it) BGPSEC does not currently support multiple prefixes in the NLRI of a single update – To avoid problems if a later AS only advertised one of a set of received prefixes Possible area to explore future optimizations 14

15 But changing the NLRI is not the only way to attract traffic … 15

16 Dropping an AS AS 120 AS 121 AS 122 AS 123 AS 125 AS 124 AS 120 has a ROA for 129.7/16 129.7/16: (120)129.7/16: (123, 120) 129.7/16: (121, 120) 129.7/16: (120) 129.7/16: (123, 120) 129.7/16: (122, 120) 129.7/16: (124, 122, 120) AS 122 drops an AS to make its path appear shorter, to attract 129.7/16 traffic from AS 124 AS 122 wants to be a MITM for traffic to 129.7/16

17 Time What Data is Signed 17 AS1AS2SKI 1 Signed Forward Reference SKI 0NLRIAS0AS1Sig0 Hash Signed (Te) by Router Key AS0.Rtr-xxz Sig1 Hash Signed by Router Key AS1-Rtr-yy New Optional Path Attribute New Path Transitive Attribute

18 BGPSEC_Path_Signatures Attribute Note: Red block of signatures is optional and is used only to facilitate algorithm transition Expire Time? … let’s recall the threats presentation … 18 Expire Time Algorithm ID Signature of Origin AS SKI of Origin AS Signature of 2nd AS SKI of 2nd AS Signature of 2rd AS SKI of 3rd AS Algorithm ID Signature of Origin AS SKI of Origin AS Signature of 2nd AS SKI of 2nd AS Signature of 2rd AS SKI of 3rd AS

19 Hijack via Update Replay (1/2) AS 120 AS 121 AS 122 AS 123 AS 125 AS 124 AS 120 has a ROA for 129.7/16 129.7/16: (120)129.7/16: (123, 120) 129.7/16: (121, 120) 129.7/16: (120) 129.7/16: (123, 120) 129.7/16: (122, 123, 120) 129.7/16: (124, 122, 123, 120)

20 Hijack via Update Replay (2/2) AS 120 AS 121 AS 122 AS 123 AS 125 AS 124 AS 120 has a ROA for 129.7/16 129.7/16: (120)129.7/16: (123, 120) 129.7/16: (120) 129.7/16: (122, 123, 120) AS 122 no longer has a path to 120, but it can replay an old update

21 Expire Time and Beaconing Origin of a route announcement selects the Expire Time Expire Time limits the window of vulnerability to replay attacks New prefix announcement needs to be made well before the Expire Time is reached, AKA beaconing Natural trade-off: – Short expire time means stronger replay protection – Longer expire time means less BGP traffic 21

22 BGPSEC Validation Recipient validates as follows: – Check the expire time – Perform origin validation – Fetch public keys and verify the AS in AS-PATH matches the AS from the router end-entity certificate – Verify the signatures <=== Crypto Validation need only be done upon receiving a signed update from external peer What you do with the validation state is completely up to your local policy!! 22

23 Final Notes Incrementally deployable – An AS can use BGPSEC for only some prefixes or only at certain edge routers Protects only the AS-PATH attribute and the NLRI – Consistent with the current SIDR charter – Consistent with our current understanding of threats and desired BGP semantics Cryptographic algorithm agility – Specification outlines a procedure for changing algorithms – As with the RPKI, algorithm transitions are expensive and global 23

24 Co-Authors Rob Austein, ISC Steven Bellovin, Columbia Univ Rany Bush, IIJ Russ Housley, Vigilsec Stephen Kent, BBN Warren Kumari, Google Doug Montgomery, NIST Kotikalapudi Sriram, NIST Samuel Weiler, Sparta 24

25 Valuable Review and Contribution Luke Berndt Sharon Goldberg Ed Kern Chris Marrow Doug Maughan Pradosh Mohapatra Russ Mundy Sandy Murphy 25 Keyur Patel Mark Reynolds Heather Schiller Jason Schiller John Scudder David Ward Ruediger Volk Your Name Here!

Download ppt "BGPSEC : A BGP Extension to Support AS-Path Validation Matt Lepinski BBN Technologies."

Similar presentations

A Threat Model for BGPSEC

A Threat Model for BGPSEC
A Threat Model for BGPSEC Steve Kent BBN Technologies.

A Threat Model for BGPSEC Steve Kent BBN Technologies.
RPKI Standards Activity Geoff Huston APNIC February 2010.

RPKI Standards Activity Geoff Huston APNIC February 2010.
1 Robert Lychev Sharon GoldbergMichael Schapira Georgia Tech Boston University Hebrew University.

1 Robert Lychev Sharon GoldbergMichael Schapira Georgia Tech Boston University Hebrew University.
Overview of draft-ietf-sidr-roa-format-01.txt Matt Lepinski BBN Technologies.

Overview of draft-ietf-sidr-roa-format-01.txt Matt Lepinski BBN Technologies.
BGP.

BGP.
Border Gateway Protocol Ankit Agarwal Dashang Trivedi Kirti Tiwari.

Border Gateway Protocol Ankit Agarwal Dashang Trivedi Kirti Tiwari.
CS540/TE630 Computer Network Architecture Spring 2009 Tu/Th 10:30am-Noon Sue Moon.

CS540/TE630 Computer Network Architecture Spring 2009 Tu/Th 10:30am-Noon Sue Moon.
Validation Algorithms for a Secure Internet Routing PKI David Montana Mark Reynolds BBN Technologies.

Validation Algorithms for a Secure Internet Routing PKI David Montana Mark Reynolds BBN Technologies.
Review of draft-ietf-sidr-arch-01.txt Steve Kent BBN Technologies.

Review of draft-ietf-sidr-arch-01.txt Steve Kent BBN Technologies.
Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.

Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
Securing the Border Gateway Protocol Using S-BGP Dr. Stephen Kent Chief Scientist - Information Security APNIC Open Policy Meeting Routing.

Securing the Border Gateway Protocol Using S-BGP Dr. Stephen Kent Chief Scientist - Information Security APNIC Open Policy Meeting Routing.
Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.

Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.
CS 672 1 Summer 2003 Lecture 14. CS 672 2 Summer 2003 MPLS VPN Architecture MPLS VPN is a collection of sites interconnected over MPLS core network. MPLS.

CS Summer 2003 Lecture 14. CS Summer 2003 MPLS VPN Architecture MPLS VPN is a collection of sites interconnected over MPLS core network. MPLS.
Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.

Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.
More on BGP Check out the links on politics: ICANN and net neutrality To read for next time Path selection big example Scaling of BGP.

More on BGP Check out the links on politics: ICANN and net neutrality To read for next time Path selection big example Scaling of BGP.
Inter-domain Routing security Problems Solutions.

Inter-domain Routing security Problems Solutions.
1 Securing BGP Large scale trust to build an Internet again Lutz Donnerhacke db089309: 1c1c 6311 ef09 d819 e029 65be bfb6 c9cb.

1 Securing BGP Large scale trust to build an Internet again Lutz Donnerhacke db089309: 1c1c 6311 ef09 d819 e029 65be bfb6 c9cb.

Similar presentations

Ads by Google