SPV: Secure Path Vector Routing for Securing BGP Leonel Ocsa Sáchez

SPV: Secure Path Vector Routing for Securing BGP

Leonel Ocsa Sáchez

[email protected]

School of Computer Science

Economy and Critical Infrastructure

Internet

BGP

Security

SPV: Secure Path Vector Routing for Securing BGPPresented by: Leonel Ocsa Sáchez

Introduction

Internet Packet Routing

BGPBorder Gateway Routing

Protocol

•Trusted enviroment

•Minimal Security against attacks

Introduction


S-BGP Secure BGP Routing Protocol

Authenticating of messages

Internet Routers

Requieres Computationa

l efficiency

Receive a high

volumen of messages

Burst

Introduction


It’s necessary Public Keys, Private Keys should be minimized for authenticating

Introduction


BGP Security Threats

SPV Secure Path Vector

It’s considered active attackers that actively inject malicious traffic

Strong Attacker Model

Compromises Routers in the

network

There are two main attack classes:

•Denial of Service (DoS)

•Falsification Attacks

BGP Security Threats - Denial of Service DoS

The classic DoS attack is a resource exhaustic attack.

The attacker fabricates inputs to evoke the worst-case running time.

The attacker can inject malicious TCP packets (TCP poising)The attacker

could simply flood TCP 179

To starve out the TCP connection between the two

routers

BGP Security Threats – Falsification Attacks

The attacker has caused a routing loop

Closely Related Work – Hop by Hop Authentication

Hop by Hop Authentication

To prevent attacks against

eBGP TCP

However the disadvantage is:

The falsification of access route cannot be adressed


Closely Related Work – Securing BGP Updates

S-BGP

Certificates

An Adress Space PKI

An Ass Ownershi

p

The main Goal of S-BGP:Is to protect the ASPATH and prevent unauthorized advertisements of an IP prefix.

ASPATH

It´s a sequence of intermediate Ases between source an destination routers that form a direct route for packets to travel.


Securing BGP

SPV

Removes the need for

routers perform computationally

expensive public key

cryptographic operations and

to store asymmetric private keys

Develops an ASPATH

protector

Routers need only store the

short-lived primary keys


Securing BGP – Efficient Prefix Ownership Certificates

•It works with a smaller blocks service providers.

•Service providers often delegate blocks to their costumers.

•At each step in the delegation, the recipient of the address block an aymmetric prefix primary key to the represent the block.

•The address issuer uses it prefix private key to sign the prefix .


Securing BGP – Cryptographic MechanismsThis system uses Merkle hash trees.

For this it’s posible to use a hash function like MD5

One way hash chains

This makes impossible for an

attacker to derive values

The main property of values of one-way chain is that once the receiver trusts that a value v_i is authentic, it can derive all following values of the chain, so an adversary cannot derive later values.


Securing BGP – Cryptographic MechanismsSPV uses hash trees for three purposes:

•To authenticate the values of the single-ASN private key.•To authenticate several single-ASN public keys.•To authenticate de epoch public keys.


Securing BGP – Basic ASPATH Protector


Securing BGP – Basic ASPATH Protector


Securing BGP – Advanced ASPATH Protector


Evaluation - SPV Security against Attacks

For compute the security against signature forgery, and use these results to derive the parameters: n (number of private values per one-time signature) m (number of private values disclosed per one-time signature).

This graphic shows the probabilty of a number of attacks to be successfull

In particular, the attacker will not have a certificate for the correct prefix

The attacker is also generally unable to truncate arbitrary ASPATHs


Evaluation - Comparison to S-BGP

S-BGP SPV

•Ensuring that an S-BGP AS cannot be falsely added to the ASPATH.• In S-BGP, threshold cryptography could be used, wherein peers together generate a key for the non-deploying AS, and use a separate protocol to sign UPDATEs for each other.•S-BGP ensures that each AS on the ASPATH has been transited by the UPDATE, and that ASNs cannot be dropped from the ASPATH.

•SPV does not achieve any properties in this case.• In SPV, a single entity computes the private keys, and signs each peer’s ASN into every UPDATE that would be protected by that private key.•In SPV, an attacker controlling two ASes can insert bogus ASNs between its two ASNs. In addition, as an AS receives several UPDATEs from a single prefix, this increment the probability truncate.SPV: Secure Path Vector Routing for Securing BGP

Presented by: Leonel Ocsa Sáchez

Evaluation - Comparison to S-BGP


Evaluation – Performance EvaluationComputational Overhead

When an AS connects to many peers, the UPDATEs received over one second often take BGP over 100 seconds to process in software


Conclusions

•Secure BGP software implementations enjoy at least a 20-fold speedup over digital signatures

•SPV is a protocol leveraging symmetric-key cryptography for securing against the truncation and modification attacks. SPV is configurable to allow tradeoffs between security and CPU usage.

•SPV introduces three novel concepts to the design space of secure routing protocols: first, it includes private keys within the UPDATEs themselves; second, it does not authenticate the AS that inserts itself onto the path and finally, it provides security not by requiring overwhelming computational complexity

•SPV is much faster than S-BGP, so SPV would perform better in periods of high BGP traffic

•When replay attacks are considered a threat, SPV allows for shorter timeouts than does S-BGP, and therefore can more effectively secure against replay attacks.


SPV: Secure Path Vector Routing for Securing BGP

Leonel Ocsa Sáchez

[email protected]

School of Computer Science

Documents

SPV: Secure Path Vector Routing for Securing BGP Leonel Ocsa Sáchez