Presentation is loading. Please wait.

Presentation is loading. Please wait.

3/9/2004Presenter: Lan Gao1 Origin Authentication in Interdomain Routing William Aiello, John Ioannidis, and Patrick McDaniel Proceedings of 10th ACM Conference.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "3/9/2004Presenter: Lan Gao1 Origin Authentication in Interdomain Routing William Aiello, John Ioannidis, and Patrick McDaniel Proceedings of 10th ACM Conference."— Presentation transcript:

1 3/9/2004Presenter: Lan Gao1 Origin Authentication in Interdomain Routing William Aiello, John Ioannidis, and Patrick McDaniel Proceedings of 10th ACM Conference on Computer and Communications Security (CCS'03)

2 3/9/2004Presenter: Lan Gao2 What does the paper solve? Problem  How do we ensure that addresses are associated with only those ASes that own them? Origin Authentication  Provide a way to validate claims of address ownershi p in interdomain routing  Authenticate address usage Defense against  Attacks by malicious entities  misconfigurations

3 3/9/2004Presenter: Lan Gao3 Overview Background Formalization  semantics of address delegation  Origin authentication proof systems Modeling  address delegation graph Evaluating resource costs

4 3/9/2004Presenter: Lan Gao4 Interdomain Routing The Internet consists of many routing domains:  routing inside a domain is determined by an intradom ain routing protocol  routing between domains is governed by an interdom ain routing protocol  Intradomain and interdomain routing decisions are la rgely made independently Reasons:  Scale  Administrative autonomy

5 3/9/2004Presenter: Lan Gao5 BGP (Border Gateway Protocol) BGP:  the interdomain routing protocol used on the I nternet  routing domains is called Autonomous System s (ASes), e.g. AT&T. ASes:  announce the prefixes that they own (IP addre ss ranges, e.g. 12.1.1.0/24) to its neighboring A Ses.  announce the prefixes that it learns from each of its neighbors to its other neighbors.

6 3/9/2004Presenter: Lan Gao6 Intra-AS and Inter-AS Routing: Example Source: Computer Networking: A Top-Down Approach Featuring the Internet The route from A.d to B.b: intra-AS and inter-AS path segments.

7 3/9/2004Presenter: Lan Gao7 Security Issues in Interdomain Routing ASes are not authenticated Paths are not authenticated Addresses are not authenticated What is addressed in the paper?  Validate an AS’s authority to advertise a prefix

8 3/9/2004Presenter: Lan Gao8 Origin Authentication Goal:  Provide evidence (cryptographically strong aut hentication tags) of the relations between orga nizations, ASes, and prefixes. Evidence Validated Address Advertisements Address Advertisements BGP Speakers

9 3/9/2004Presenter: Lan Gao9 Address Delegation The IPv4 address space is governed by IANA IANA delegates parts of the global address s pace to organizations Each organization may further  Delegate some or all of the received address sp ace to any organization it desires  Assign its address space to the AS in which th e addresses reside

10 3/9/2004Presenter: Lan Gao10 Address Delegation: Example AT&T delegates 12.1.1.0/ 24 to ALPHA AT&T assigns 12.0.0.0/8 to AS7018 Longest prefix matching for 12.1.1.0/24 Address announcements: ASes advertise the set of prefixes that they origina te (prefix, ASN)

11 3/9/2004Presenter: Lan Gao11 Definition: Organization ASN = { 1, 2, …, K }, where currently K = 2 16  E.g. AS7018, AS29987 S = { all BGP speaking organizations }  E.g. AT&T, ARIN, ALPHA, BETA ASN(C) = { AS # currently assigned to C }  E.g. for C = ALPHA, ASN(C) = { AS29987 } O = S  { IANA }  { other prefix registries }

12 3/9/2004Presenter: Lan Gao12 Definition: Prefixes IPA = { 0, 1 } l, where l = 32/64 for IPv4/IPv6 Address Prefixes: x/j  x is a j bit number, and j  [ 0, l ], e.g. 128/8  x/j = { x  y | y is a ( l-j ) b it number }  IPA =  /0 x/j x  0/(j+1) x  1/(j+1) Disjoint Union Superset subprefix & superprefix

13 3/9/2004Presenter: Lan Gao13 Prefix Tree of IPA  /0 0/11/1 0  0/20  1/21  0/21  1/2 1  1/320  0/32

14 3/9/2004Presenter: Lan Gao14 Definition: delegation policy For a given prefix y/k and an organization C:  (C, y/k, n): C assigns y/k to an ASN n  (C, y/k, C’): C delegates y/k to C’  (C, y/k, R): C declares y/k as RESERVED  (C, y/k, U): C’s delegation or assignment of y/ k is UNAUTHENTICATED C may perform zero, one, or more of the abo ve options The set of triples is C’s delegation policy for y/k

15 3/9/2004Presenter: Lan Gao15 Subtree Semantics Definition:  a property of a prefix x/j implies the same pro perty for all of the subprefixes of x/j Consider the previous delegation policy:  Delegations, RESERVED and UNAUTHENTI CATED declarations have subtree semantics  Assignments do not have subtree semantics

16 3/9/2004Presenter: Lan Gao16 Delegation Graphs A directed graph G = (V, E)  V=O  ASN  R  U    E={(x, y/k, z)} Example:  V = { IANA, AT&T, … }  E = {(IANA,12.0.0.0/8,AT &T), … } Definition:  Ownership Source  Assignment Edge  ASN-respecting

17 3/9/2004Presenter: Lan Gao17 Valid & Faithful A directed path is valid for y/k if:  The ownership source is IANA  The path is monotonic  The path is acyclic  The ass edge is labelled y/k and is ASN-respecting C’s delegation policy is faithful for y/k if there is at most one triple in the form:  (C, y/k, n)  (C, x/j, C’), (C, x/j, U), or (C, x/j, R), where x/j is a su perprefix of y/k

18 3/9/2004Presenter: Lan Gao18 Verification of Origin Announcements OAs are verified by Origin Authentication Ta gs (OATs):  A delegation path  A set of delegation attestation, one for each ed ge in the path  An ASN Ownership Proof

19 3/9/2004Presenter: Lan Gao19 Simple Delegation Attestation A signature by C for a prefix x/j:  { ( C, x/j, F C (x/j) ) } C  A signed statement (by C’s key) binding the pr efix (x/j) to an organization identifier (F C (x/j)) The simple delegation attestation for D(C): { ( C, x 1 /j 1, F C (x 1 /j 1 ) ) } C, { ( C, x 2 /j 2, F C (x 2 /j 2 ) ) } C, …, { ( C, x s /j s, F C (x s /j s ) ) } C

20 3/9/2004Presenter: Lan Gao20 SDA: An Example The delegation path for 12.1.1.0/24 is: (IANA, AT&T, ALPHA, AS29987) The delegation attestation for the path are: [(IANA, 12.0.0.0/8, AT&T)] IANA, [(AT&T, 12.1.1.0/24, ALPHA)] AT&T, [(ALPHA, 12.1.1.0/24, AS29987)] ALPHA

21 3/9/2004Presenter: Lan Gao21 Authenticated Delegation List C creates a single list of all of its delegations and sig n that list [ { ( C, x 1 /j 1, F C (x 1 /j 1 ) ) }, { ( C, x 2 /j 2, F C (x 2 /j 2 ) ) }, …, { ( C, x s /j s, F C (x s /j s ) ) } ] C If C delegates x i /j i to B  C signs all of the delegations it makes to everyone.  B advertises x i /j i and provides this attestation

22 3/9/2004Presenter: Lan Gao22 ADL: An Example The delegation path for 12.1.1.0/24 is: (IANA, AT&T, ALPHA, AS29987) The delegation attestation for the path are: [(IANA, 12.0.0.0/8, AT&T), (IANA, 64.0.0.0/8, ARIN)] IANA, [(AT&T, 12.1.1.0/24, ALPHA), (AT&T, 64.1.0.0/16, AS7018), (AT&T, 12.0.0.0/8, AS7018)] AT&T, [(ALPHA, 12.1.1.0/24, AS29987)] ALPHA

23 3/9/2004Presenter: Lan Gao23 AS Authenticated Delegation List C breaks up the entire list into several lists an d signs each of the smaller lists. The list is splitted according to those prefixes:  delegated to the same organization or  assigned to the same AS number If C delegates x i /j i to B  C signs all of the delegations it makes to B.  B advertises x i /j i and provides this attestation

24 3/9/2004Presenter: Lan Gao24 AS ADL: An Example The delegation path for 12.0.0.0/8 is: (IANA, AT&T, AS7018) The delegation attestation for the path are: [(IANA, 12.0.0.0/8, AT&T)] IANA, [(AT&T, 64.1.0.0/16, AS7018), (AT&T, 12.0.0.0/8, AS7018)] AT&T

25 3/9/2004Presenter: Lan Gao25 Authenticated Delegation Tree C creates a Merkle hash tree:  The values of the leaves: ( C, x/j, F C (x/j) )  The values of each internal node: H( L, R ) If C delegates x i /j i to B  C only signs the root [h 0 ] C  C provides the value of the children of all of th e nodes on the path in the Merkel tree from th e root to ( C, x i /j i, B )  B advertises x i /j i and provides this attestation

26 3/9/2004Presenter: Lan Gao26 ADT: An Example The delegation attestation for (C, x 2 /j 2, B): {H(L 12, R 34 )} C, H(L 3, R 4 ), (C, x 1 /j 1, A) H(L 12, R 34 ) H(L 1, R 2 )H(L 3, R 4 ) (C, x 1 /j 1, A)(C, x 2 /j 2, B)(C, x 3 /j 3, D)(C, x 4 /j 4, E)

27 3/9/2004Presenter: Lan Gao27 Authenticated Delegation Dictionaries - 1 The model for an authenticated dictionary An Authenticated Dictionary for C:  Element: (C, y/k, F C (y/k))  The search key: address prefixes  Data Structure: balanced 2-3 trees, with leaves sorted based on the search key User Directory Dictionary Query Yes/No + Proof Attestations

28 3/9/2004Presenter: Lan Gao28 Authenticated Delegation Dictionaries - 2 Prefix Tree rooted at x/j: A total order of the prefixes: x/j < x  y/(j+k) < z/j The smallest element: x/j The largest element: x  1 l-j / l x/j x  0/(j+1)x  1/(j+1) x  0  0/(j+2)x  0  1/(j+2)x  1  0/(j+2)x  1  1/(j+2)

29 3/9/2004Presenter: Lan Gao29 Authenticated Delegation Dictionaries - 3 ADD for C: The delegation attestation for (C, x 2 /j 2, B):  The signed root: {k0  H(L 123, R 45 )} C  The value of the children of the nodes of the path: k3  H(L 4, R 5 ), (C, x 1 /j 1, A), (C, x 3 /j 3, D)  The search tree path k0  H(L 123,R 45 ) k1  k2  H(L 1,M 2,R 3 ) k3  H(L 4,R 5 ) (C, x 1 /j 1, A) (C, x 2 /j 2, B) (C, x 3 /j 3, D) (C, x 5 /j 5, F) ) (C, x 4 /j 4, E)

30 3/9/2004Presenter: Lan Gao30 Approximating IP Address Delegation Goal:  To understand how and by whom delegation occurs Sources: IANA and BGP announcements What do we learn?  Dense (16 orgs delegate 80% address space)  Stable (10-30% movement in 5 months)

31 3/9/2004Presenter: Lan Gao31 Approximation Example

32 3/9/2004Presenter: Lan Gao32 Delegation in the Approximate Delegation Graph The overwhelming number of delegations are being perf ormed by a relatively few ASes/organizations

33 3/9/2004Presenter: Lan Gao33 Trace-Based Simulation The OAsim simulator:  Models the operation of a single BGP speaker  Accepts timed BGP UPDATE streams  Computes bandwidth/computational costs  Implements four service designs Dataset:  Obtained from RouteViews  A trace of BGP updates over a 24 hour period

34 3/9/2004Presenter: Lan Gao34 Computational Costs

35 3/9/2004Presenter: Lan Gao35 Bandwidth Costs

36 3/9/2004Presenter: Lan Gao36 Conclusions OA is important in inter-domain routing  trace and validate the delegation of address usage Formalization  semantics of address ads & proofs of delegation Modeling  the current IPv4 address delegation: dense & static Performance Evaluation  consolidate proofs by delegator to reduce costs

37 3/9/2004Presenter: Lan Gao37 Questions ? Comments?

Download ppt "3/9/2004Presenter: Lan Gao1 Origin Authentication in Interdomain Routing William Aiello, John Ioannidis, and Patrick McDaniel Proceedings of 10th ACM Conference."

Similar presentations

Holding the Internet Accountable David Andersen, Hari Balakrishnan, Nick Feamster, Teemu Koponen, Daekyeong Moon, Scott Shenker.

Holding the Internet Accountable David Andersen, Hari Balakrishnan, Nick Feamster, Teemu Koponen, Daekyeong Moon, Scott Shenker.
COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.

COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.
APNIC Member Services George Kuo. MyAPNIC 2 What is MyAPNIC A secure Member services website Internet resources management, for example: –Whois updates.

APNIC Member Services George Kuo. MyAPNIC 2 What is MyAPNIC A secure Member services website Internet resources management, for example: –Whois updates.
Sign What You Really Care About - $ecure BGP AS Paths Efficiently Yang Xiang Zhiliang Wang Jianping Wu Xingang Shi Xia Yin Tsinghua University, Beijing.

Sign What You Really Care About - $ecure BGP AS Paths Efficiently Yang Xiang Zhiliang Wang Jianping Wu Xingang Shi Xia Yin Tsinghua University, Beijing.
A Quick and Dirty Guide to BGP attacks Or “How to 0wn the Backbone in your Spare Time”

A Quick and Dirty Guide to BGP attacks Or “How to 0wn the Backbone in your Spare Time”
An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.

An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.
124.09.2012 1 Lecture 5 - Routing On the Flat Labels M.Sc Ilya Nikolaevskiy Helsinki Institute for Information Technology (HIIT)

Lecture 5 - Routing On the Flat Labels M.Sc Ilya Nikolaevskiy Helsinki Institute for Information Technology (HIIT)
BGP.

BGP.
Validation Algorithms for a Secure Internet Routing PKI David Montana Mark Reynolds BBN Technologies.

Validation Algorithms for a Secure Internet Routing PKI David Montana Mark Reynolds BBN Technologies.
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
A. Haeberlen Having your Cake and Eating it too: Routing Security with Privacy Protections 1 HotNets-X (November 15, 2011) Alexander Gurney * Andreas Haeberlen.

A. Haeberlen Having your Cake and Eating it too: Routing Security with Privacy Protections 1 HotNets-X (November 15, 2011) Alexander Gurney * Andreas Haeberlen.
SPV: Secure Path Vector Routing for Securing BGP Leonel Ocsa Sáchez School of Computer Science.

SPV: Secure Path Vector Routing for Securing BGP Leonel Ocsa Sáchez School of Computer Science.
1 Towards Secure Interdomain Routing For Dr. Aggarwal 60-592 Win 2004.

1 Towards Secure Interdomain Routing For Dr. Aggarwal Win 2004.
Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.

Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.
1 CCNA 3 v3.1 Module 1. 2 CCNA 3 Module 1 Introduction to Classless Routing.

1 CCNA 3 v3.1 Module 1. 2 CCNA 3 Module 1 Introduction to Classless Routing.
1 Leveraging BGP Dynamics to Reverse-Engineer Routing Policies Sridhar Machiraju Randy H. Katz UC, Berkeley OASIS Retreat, Summer 2005.

1 Leveraging BGP Dynamics to Reverse-Engineer Routing Policies Sridhar Machiraju Randy H. Katz UC, Berkeley OASIS Retreat, Summer 2005.
Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.

Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.
1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background – Detection of Invalid Routing Announcement in the Internet –Open Discussions Thursday.

1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.
Tutorial 5 Safe Routing With BGP Based on: Internet.

Tutorial 5 Safe Routing With BGP Based on: Internet.
Mini Introduction to BGP Michalis Faloutsos. What Is BGP?  Border Gateway Protocol BGP-4  The de-facto interdomain routing protocol  BGP enables policy.

Mini Introduction to BGP Michalis Faloutsos. What Is BGP?  Border Gateway Protocol BGP-4  The de-facto interdomain routing protocol  BGP enables policy.

Similar presentations

Ads by Google