Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005."— Presentation transcript:

1 An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005

2 Risk Management Operational security is not about being able to create and maintain absolute security. Its about a pragmatic approach to risk mitigation, using a trade-off between cost, complexity, flexibility and outcomes Its about making an informed and reasoned judgment to spend a certain amount of resources in order to achieve an acceptable risk outcome

3 Threat Model Understanding the threat model for routing  What might happen?  What are the likely consequences?  How can the consequences be mitigated?  What is the cost tradeoff?  Does the threat and its consequences justify the cost of implementing a specific security response?

4 Routing Security… Protecting routing protocols and their operation  What you are attempting to protect against: Compromise the topology discovery / reachability operation of the routing protocol Disrupt the operation of the routing protocol Protecting the protocol payload  What you are attempting to protect against: Insert corrupted address information into your network’s routing tables Insert corrupt reachability information into your network’s forwarding tables

5 Threats Corrupting the routers’ forwarding tables can result in:  Misdirecting traffic (subversion, denial of service, third party inspection, passing off)  Dropping traffic (denial of service, compound attacks)  Adding false addresses into the routing system (support compound attacks)  Isolating or removing the router from the network

6 Operational Security Measures Security considerations in:  Network Design  Device Management  Configuration Management  Routing Protocol deployment Issues:  Mitigate potential for service disruption  Deny external attempts to corrupt routing behaviour or payload

7 Protecting the BGP payload How to increase your confidence in determining that what routes you learn from your eBGP peers is authentic and accurate How to ensure that what you advertise to your eBGP peers is authentic and accurate

8 Routing Security The basic routing payload security questions that need to be answered are:  Who injected this address prefix into the network?  Did they have the necessary credentials to inject this address prefix? Is this a valid address prefix?  Is the forwarding path to reach this address prefix credible? What we have today is a relatively insecure system that is vulnerable to various forms of disruption and subversion  While the protocols can be reasonably well protected, the management of the routing payload cannot reliably answer these questions

9 What I (personally) really want to see… The use of authenticatable attestations to allow automated validation of:  the authenticity of the route object being advertised  authenticity of the origin AS  the binding of the origin AS to the route object Such attestations used to provide a cost effective method of validating routing requests  as compared to the today’s state of the art based on techniques of vague trust and random whois data mining

10 And what would be even better… Such attestations to be carried in BGP as payload attributes Attestation validation to be a part of the BGP route acceptance / readvertisement process

11 And what (I think) should be retained… BGP as a “block box” policy routing protocol  Many operators don’t want to be forced to publish their route acceptance and redistribution policies. BGP as a “near real time” protocol  Any additional overheads of certificate validation should not impose significant delays in route acceptance and readvertisement

12 Status of Routing Security It would be good to adopt some basic security functions into the Internet’s routing domain  Certification of Number Resources Is the current controller of the resource verifiable?  Explicit verifiable trust mechanisms for data distribution Signed routing requests Adoption of some form of certificate repository structure to support validation of signed routing requests Have they authorized the advertisement of this resource? Is the origination of this resource advertisement verifiable?  Injection of reliable trustable data into the protocol Address and AS certificate / authorization injection into BGP

13 Next Steps? PKI infrastructure support for IP addresses and AS numbers Certificate Repository infrastructure Operational tools for nearline validation of signed routing requests / signed routing filter requests / signed entries in route registries Carrying signature information as part of BGP Update attribute

14 Question for GROW Is there interest in working on specification / description of tools that use a resource PKI for near line validation of routing requests?

Download ppt "An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005."

Similar presentations

An Operational Perspective on Routing Security

An Operational Perspective on Routing Security
A Threat Model for BGPSEC

A Threat Model for BGPSEC
A Threat Model for BGPSEC Steve Kent BBN Technologies.

A Threat Model for BGPSEC Steve Kent BBN Technologies.
RPKI Standards Activity Geoff Huston APNIC February 2010.

RPKI Standards Activity Geoff Huston APNIC February 2010.
An Operational Perspective on Routing Security Geoff Huston Chief Scientist, APNIC.

An Operational Perspective on Routing Security Geoff Huston Chief Scientist, APNIC.
Update on Resource Certification Geoff Huston, APNIC Mark Kosters, ARIN SSAC Meeting, March 2008.

Update on Resource Certification Geoff Huston, APNIC Mark Kosters, ARIN SSAC Meeting, March 2008.
An Operational Perspective on BGP Security Geoff Huston February 2005.

An Operational Perspective on BGP Security Geoff Huston February 2005.
Secure Internet Solutions Geoff Huston Chief Scientist, Internet Telstra.

Secure Internet Solutions Geoff Huston Chief Scientist, Internet Telstra.
The Role of a Registry Certificate Authority Some Steps towards Improving the Resiliency of the Internet Routing System: The Role of a Registry Certificate.

The Role of a Registry Certificate Authority Some Steps towards Improving the Resiliency of the Internet Routing System: The Role of a Registry Certificate.
Holding the Internet Accountable David Andersen, Hari Balakrishnan, Nick Feamster, Teemu Koponen, Daekyeong Moon, Scott Shenker.

Holding the Internet Accountable David Andersen, Hari Balakrishnan, Nick Feamster, Teemu Koponen, Daekyeong Moon, Scott Shenker.
RPKI and Routing Security ICANN 44 June 2012. Today’s Routing Environment is Insecure Routing is built on mutual trust models Routing auditing requires.

RPKI and Routing Security ICANN 44 June Today’s Routing Environment is Insecure Routing is built on mutual trust models Routing auditing requires.
An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.

An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.
Information-Centric Networks04c-1 Week 4 / Paper 3 A Survey of BGP Security Issues and Solutions –Kevin Butler, Toni Farley, Patrick McDaniel, and Jennifer.

Information-Centric Networks04c-1 Week 4 / Paper 3 A Survey of BGP Security Issues and Solutions –Kevin Butler, Toni Farley, Patrick McDaniel, and Jennifer.
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
SPV: Secure Path Vector Routing for Securing BGP Leonel Ocsa Sáchez School of Computer Science.

SPV: Secure Path Vector Routing for Securing BGP Leonel Ocsa Sáchez School of Computer Science.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.

Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.
Some Lessons Learned from Designing the Resource PKI Geoff Huston Chief Scientist, APNIC May 2007.

Some Lessons Learned from Designing the Resource PKI Geoff Huston Chief Scientist, APNIC May 2007.
APNIC Trial of Certification of IP Addresses and ASes RIPE 52 Plenary George Michaelson Geoff Huston.

APNIC Trial of Certification of IP Addresses and ASes RIPE 52 Plenary George Michaelson Geoff Huston.
1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background – Detection of Invalid Routing Announcement in the Internet –Open Discussions Thursday.

1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.

Similar presentations

Ads by Google