Lightwave Communications Research Laboratory, Princeton University
SoBGP vs SBGP
Sharon Goldberg
Princeton Routing Security Seminar
June 27, 2006 and July 11, 2006

sBGP Review
• A purist approach to secure the control plane using a centralized security approach
• Origin Authentication
– Origin Authentication Public Key Infrastructure (PKI)
– Signed “Address Attestations”
• Path Authentication
– Autonomous System (AS) PKI
– Nested Signatures in UPDATE Messages (Route Attestations)

Origin Authentication – PKI Delegation Hierarchy
[Figure: delegation hierarchy from ICANN through Regional Registries and ISPs/DSPs to Subscriber Organizations; arrows labelled Delegate and Allocate]
Type         Subject        Signer
Root         ICANN          ICANN
Registry     Regional Reg   ICANN
ISP/DSP      ISP/DSP        Reg/ICANN
Subscriber   Subscriber     ISP/Reg/ICANN
A Canadian Example
Type         Subject                      Addresses       Signature
Root         ICANN                        All             By ICANN
Registry     ARIN (US+Canada Region)      10.0.0.0/8      By ICANN
ISP/DSP      Bell Canada                  10.10.0.0/16    By ARIN
Subscriber   Bank of Montreal             10.10.10.0/24   By Bell Canada

SBGP – Origin Authentication
• Given an Address Attestation
[AS #848, 128.12.50.0/24]_{Private Key of Bank of Montreal}
• Verify Using the Origin Authentication PKI
– First check for the next level certificate
[Public Key of BMO, 128.12.50.0/22]_{Private Key of Bell Canada}
– And then the next level certificate
[Public Key of Bell Canada, 128.12.0.0/16]_{Private Key of ARIN}
– And then the next level certificate
[Public Key of ARIN, 128.0.0.0/8]_{Private Key of ICANN}
– And then everyone knows the Public Key of ICANN
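An added example, not part of the original slides: a toy Python walk of the certificate chain above that checks both the signature at each level and that each address block sits inside its parent's block. HMAC-SHA256 with constructed demo keys stands in for public-key signatures, and the function names are hypothetical.

```python
import hashlib
import hmac
import ipaddress

# Constructed demo keys; HMAC-SHA256 stands in for public-key signatures (assumption).
KEYS = {n: f"demo-key-{n}".encode() for n in ("ICANN", "ARIN", "Bell Canada", "BMO")}

def sign(signer, text):
    return hmac.new(KEYS[signer], text.encode(), hashlib.sha256).hexdigest()

def check(signer, text, sig):
    return signer in KEYS and hmac.compare_digest(sig, sign(signer, text))

def cert(subject, prefix, signer):
    """[Public Key of subject, prefix] signed by signer, as on the slide."""
    return {"prefix": prefix, "signer": signer, "sig": sign(signer, f"{subject}|{prefix}")}

# The slide's chain, keyed by subject. ICANN is the trust anchor and needs no entry.
CERTS = {
    "BMO": cert("BMO", "128.12.50.0/22", "Bell Canada"),
    "Bell Canada": cert("Bell Canada", "128.12.0.0/16", "ARIN"),
    "ARIN": cert("ARIN", "128.0.0.0/8", "ICANN"),
}

def net(prefix):
    # strict=False: the slide's 128.12.50.0/22 has host bits set and is read as 128.12.48.0/22
    return ipaddress.ip_network(prefix, strict=False)

def verify_origin(asn, prefix, signer, sig, certs=CERTS, root="ICANN"):
    """Accept [AS asn, prefix]_signer only if every level up to the root checks out."""
    if not check(signer, f"{asn}|{prefix}", sig):
        return False
    child, holder = net(prefix), signer
    for _ in range(len(certs) + 1):        # bound the walk so a cert loop cannot hang it
        if holder == root:
            return True
        c = certs.get(holder)
        if c is None or not check(c["signer"], f"{holder}|{c['prefix']}", c["sig"]):
            return False
        if not child.subnet_of(net(c["prefix"])):   # delegation must stay inside the parent
            return False
        child, holder = net(c["prefix"]), c["signer"]
    return False
```
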

AS # and Router Association PKI
[Figure: hierarchy of ICANN, Regional Registries, DSPs/ISPs and Subscriber Organizations; example labels AS#34, AS#23, BGP SPEAKER Bgp-spker-23-342]
Type          Subject                 Extensions                   Signer
Root          ICANN                   All AS #’s                   ICANN
Registry      Regional Reg            AS #’s owned by Subject      ICANN
AS Owner      ISP/DSP or Subscriber   AS #’s owned by Subject      Reg/ICANN
AS            AS Number               AS # (only 1) of subject     ISP/DSP or Subscriber
BGP Speaker   BGP Speaker             AS #, Router ID of subject   ISP/DSP or Subscriber

SBGP – Path Authentication
• Given a Route Attestation (a secure update message)
For the network below:
[1]----[2]------[3]------[4]
[1] Sends to [2]: {1,2}_1 (i.e. (a path from 1 to 2) signed by 1)
[2] Sends to [3]: {1,2}_1 , {2,3}_2
[3] Sends to [4]: {1,2}_1 , {2,3}_2, {3,4}_3
• Verify Each Signature using the Router Association PKI
– First check for the next level certificate
[Public Key PrincetonU - AS #1 - BGP Speaker #rtr_pton1_no4]_{PrincetonU}
– And then the next level certificate
[Public Key PrincetonU, AS #1, AS#1001]_{ARIN}
– And then the next level certificate
[Public Key ARIN, AS #1, AS #2, …, AS#1001,.., AS#4678]_{ICANN}
– And then everyone knows the Public Key of ICANN
[Slide callout: Owned by PrincetonU]

SoBGP vs SBGP
SoBGP                         SBGP
• Web of Trust                • PKI
• Fuzzy Security Level        • Fixed Security Level
• New SECURITY Message        • Signed UPDATE Messages
• No crypto per UPDATE msg    • Crypto required per UPDATE msg
• Path Plausibility (Static)  • Path Authentication (Dynamic)
• The similarities:
– Both secure only the control plane
– Both do origin authentication
– Both cannot defend against colluding adversaries (using wormhole in sBGP, using two lying PolicyCerts in SoBGP)
– Both are only “fuzzily” effective if incrementally deployed

Nomenclature and So On…
• Origin Authentication:
– SoBGP AuthCert = sBGP Address Attestation = [AS#, IP prefix]_{Private Key of Signer}
– sBGP also has an OA PKI but SoBGP doesn’t b/c of Web of Trust
• Path Authentication / Plausibility:
– SoBGP PolicyCerts (an AS lists the connections it has)
– sBGP Route Attestation (a nested, signed AS path in each UPDATE msg)
– SoBGP also has EntityCerts (a Web of Trust to bind PK’s to AS#’s)
– sBGP also has an RA PKI

Path Plausibility vs Path Authentication
• Is Path Authentication stronger than Path Plausibility?
“Since each AS in sBGP is authenticating a relationship between itself and its predecessor and successor ASes, the set of acceptable AS paths in sBGP is a subset of the set of paths acceptable under SoBGP”
– Path Lengthening attack can be done in P Plausibility but not PA
– What about a Path Shortening attack? (assuming no colluding adversaries and full deployment)
• In SoBGP path shortening violates topology database
• In SBGP it violates the structure of the RA chain (next slide)

A neat aside: Nested vs Pairwise Route Attestations
• With nested RA’s the following path shortening attack works:
[Figure: path 4, 3, 2, 1]
(2,1)_2
(3,(2,1)_2)_3
(4,(3,(2,1)_2)_3)_4
Shortened: (4,(2,1)_2)_4
• But, if we use pairwise RA’s, the attack fails:
[Figure: path 4, 3, 2, 1]
(2,1)_1
(3,2)_2 (2,1)_1
(4,3)_3 (3,2)_2 (2,1)_1
Shortened: (4,3)_3 (2,1)_1
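An added example, not part of the original slides: a toy Python model of the two attestation layouts above, showing that the nested form still verifies after AS 4 drops AS 3's layer while the pairwise chain check rejects the shortened list. HMAC-SHA256 with constructed per-AS keys stands in for real signatures, and all function names are hypothetical.

```python
import hashlib
import hmac

# Constructed keys; HMAC-SHA256 stands in for each AS's signature (assumption).
KEYS = {asn: f"demo-key-AS{asn}".encode() for asn in (1, 2, 3, 4)}

def sign(signer, text):
    return hmac.new(KEYS[signer], text.encode(), hashlib.sha256).hexdigest()

def nested_wrap(signer, inner):
    """Slide notation (signer, inner)_signer: the signer names itself and what it received."""
    return (signer, inner, sign(signer, repr((signer, inner))))

def nested_path(ra):
    """Return the AS path (newest first) if every layer's signature verifies, else None."""
    path = []
    while isinstance(ra, tuple):
        signer, inner, sig = ra
        if not hmac.compare_digest(sig, sign(signer, repr((signer, inner)))):
            return None
        path.append(signer)
        ra = inner
    return path + [ra]                      # innermost element is the origin AS number

def pairwise_ra(next_as, signer):
    """Slide notation (next_as, signer)_signer: the signer names the AS it sends to."""
    return (next_as, signer, sign(signer, f"{next_as},{signer}"))

def pairwise_path(ras):
    """Return the AS path (newest first) if signatures verify and hops chain, else None."""
    path = []
    for next_as, signer, sig in ras:
        if not hmac.compare_digest(sig, sign(signer, f"{next_as},{signer}")):
            return None
        if path and path[-1] != next_as:    # previous RA's signer must be this RA's next hop
            return None
        path = path or [next_as]
        path.append(signer)
    return path

# Constructed chains from the slide: honest path 4 3 2 1 and the shortened variants.
ra2 = nested_wrap(2, 1)
NESTED_HONEST = nested_wrap(4, nested_wrap(3, ra2))
NESTED_SHORT = nested_wrap(4, ra2)                    # AS 3's layer dropped
PAIR_HONEST = [pairwise_ra(4, 3), pairwise_ra(3, 2), pairwise_ra(2, 1)]
PAIR_SHORT = [pairwise_ra(4, 3), pairwise_ra(2, 1)]   # (3,2)_2 removed
```

The nested layout passes because no signature in it names the AS the route was sent to; the pairwise layout fails because the gap between (4,3)_3 and (2,1)_1 can only be closed with a signature from AS 1.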

Another Neat Aside: SBGP does not bind OA to PA
• Recall that SBGP transmits:
– RA’s (e.g. (4,3)_3 (3,2)_2 (2,1)_1) in the UPDATE message
– AA (e.g. [AS #848, 128.12.50.0/24]_{Private Key of Bank of Montreal}) out of band
– Routing Certs and Origin Authentication Certs out of band
• Therefore, SBGP does not bind a prefix to a path!
• e.g. Suppose what should have been sent was
– 10.10.10.0/24 (4,3)_4 (3,2)_3 (2,1)_2
– 45.45.45.0/24 (4,30)_4 (30,2)_30 (2,1)_2
• And instead, malicious 2 sent:
– 10.10.10.0/24 (4,3)_4 (3,2)_3 (2,1)_2
– 45.45.45.0/24 (4,3)_4 (3,2)_3 (2,1)_2
[Figure: nodes 4, 3, 2, 1, labelled Prefix 10.10.10.0/24; node 30, labelled Prefix 45.45.45.0/24]

SoBGP vs SBGP: Discussion
• And now for Dan’s comments on performance…
• How does Aggregation impact Origin Authentication?
– With Web of Trust you can do anything!!!
– Not so good with a centralized PKI.
• SBGP vs SoBGP incremental deployment?
– Is WoT easier to deploy than PKI?
– Benefits of partial deployment?
– SoBGP has a new SECURITY message that could cause problems
• Other thoughts?