1 Securing BGP Large scale trust to build an Internet again Lutz Donnerhacke db089309: 1c1c 6311 ef09 d819 e029 65be bfb6 c9cb.

Slides:

Advertisements

Similar presentations

RPKI Standards Activity Geoff Huston APNIC February 2010.

Advertisements

The Role of a Registry Certificate Authority Some Steps towards Improving the Resiliency of the Internet Routing System: The Role of a Registry Certificate.

Presenter: Mark Elkins Topic: Things not getting done.

1 Securing BGP using DNSSEC Lutz Donnerhacke db089309: 1c1c 6311 ef09 d819 e029 65be bfb6 c9cb.

Multihoming in IPV6 Habib Naderi Department of Computer Science University of Auckland.

An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.

BGP Security APNIC Open Policy Meeting Routing SIG 23 February 2005 Kyoto, Japan Russ Housley

Validation Algorithms for a Secure Internet Routing PKI David Montana Mark Reynolds BBN Technologies.

Review of draft-ietf-sidr-arch-01.txt Steve Kent BBN Technologies.

What’s Next: DNSSEC & RPKI Mark Kosters. Why are DNSSEC and RPKI Important Two critical resources – DNS – Routing Hard to tell when it is compromised.

SPV: Secure Path Vector Routing for Securing BGP Leonel Ocsa Sáchez School of Computer Science.

Best Practices for ISPs

1 DNSSEC From a protocol bug to a security advantage Lutz Donnerhacke db089309: 1c1c 6311 ef09 d819 e029 65be bfb6 c9cb.

Securing the Border Gateway Protocol Using S-BGP Dr. Stephen Kent Chief Scientist - Information Security APNIC Open Policy Meeting Routing.

Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.

APNIC Trial of Certification of IP Addresses and ASes RIPE 52 Plenary George Michaelson Geoff Huston.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.

1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.

FRIENDS: File Retrieval In a dEcentralized Network Distribution System Steven Huang, Kevin Li Computer Science and Engineering University of California,

A PKI For IDR Public Key Infrastructure and Number Resource Certification AUSCERT 2006 Geoff Huston Research Scientist APNIC.

Interdomain Routing Security Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays.

Inter-domain Routing security Problems Solutions.

© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—6-1 Connecting an Enterprise Network to an ISP Network Considering the Advantages of Using BGP.

Resource Certification What it means for LIRs Alain P. AINA Special Project Manager.

PKI To The Masses IPCCC 2004 Dan Massey USC/ISI. 1 March PKI Is Necessary l My PKI related actions since arriving at IPCCC n Used an.

Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.

Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.

APNIC eLearning: Intro to RPKI 10 December :30 PM AEST Brisbane (UTC+10)

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.

1 San Diego, California 25 February Securing Routing: RPKI Overview Mark Kosters Chief Technology Officer.

© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—6-1 Connecting an Enterprise Network to an ISP Network BGP Attributes and Path Selection Process.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E Internet Registry allocation and assignment Policies.

SECURING BGP Matthew Nickasch University of Wisconsin-Platteville Dept. of Computer Science & Software Engineering.

Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian.

APNIC Internet Routing Registry An introduction to the IRR TWNIC Meeting, 3 December 2003 Nurani Nimpuno, APNIC.

Routing Security and the Border Gateway Protocol Dr. Stephen Kent Chief Scientist - Information Security.

Staff AAA. Radius is not an ISP AAA Option RADIUS TACACS+ Kerberos.

RIPE NCC IRR training 4 February 2011 Zurich, Switzerland IPv6 Golden Networks Jeroen Massar Things to watch.

BGP Man in the Middle Attack Jason Froehlich December 10, 2008.

Interdomain Routing Security. How Secure are BGP Security Protocols? Some strange assumptions? – Focused on attracting traffic from as many Ases as possible.

A Firewall for Routers: Protecting Against Routing Misbehavior1 June 26, A Firewall for Routers: Protecting Against Routing Misbehavior Jia Wang.

Securing Data in Transit and Storage Sanjay Beri Co-Founder & Senior Director of Product Management Ingrian Networks.

1 DNSSEC Transforming a protocol bug into an admin tool Lutz Donnerhacke db089309: 1c1c 6311 ef09 d819 e029 65be bfb6 c9cb.

Secure Origin BGP: What is (and isn't) in a name? Dan Wendlandt Princeton Routing Security Reading Group.

BGPSEC Router Key Roll-over draft-rogaglia-sidr-bgpsec-rollover-00 Roque Gagliano Keyur Patel Brian Weis.

McLean HIGHER COMPUTER NETWORKING Lesson 14 Firewalls & Filtering Comparison of Internet content filtering methods: firewalls, Internet filtering.

1 Madison, Wisconsin 9 September14. 2 Security Overlays on Core Internet Protocols – DNSSEC and RPKI Mark Kosters ARIN Engineering.

Detecting Selective Dropping Attacks in BGP Mooi Chuah Kun Huang November 2006.

Information-Centric Networks04b-1 Week 4 / Paper 2 Understanding BGP Misconfiguration –Rahil Mahajan, David Wetherall, Tom Anderson –ACM SIGCOMM 2002 Main.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

IAD 2263: System Analysis and Design Chapter 7: Designing System Databases, Interfaces and Security.

1 APNIC Trial of Certification of IP Addresses and ASes RIPE October 2005 Geoff Huston.

Status Report SIDR and Origination Validation Geoff Huston SIDR WG, IETF 71 March 2008.

1 Auto-Detecting Hijacked Prefixes? Routing SIG 7 Sep 2005 APNIC20, Hanoi, Vietnam Geoff Huston.

Securing BGP Bruce Maggs. BGP Primer AT&T /8 Sprint /16 CMU /16 bmm.pc.cs.cmu.edu Autonomous System Number Prefix.

RPKI implementation experiences in the LAC Region Carlos M. Martínez – Arturo Servín LACSEC 2012 – LACNIC XVIII.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—5-1 Customer-to-Provider Connectivity with BGP Connecting a Multihomed Customer to a Single Service.

Internet Routing Verification John “JI” Ioannidis AT&T Labs – Research Copyright © 2002 by John Ioannidis. All Rights Reserved.

BGP Validation Russ White Rule11.us.

1 Improving the resilience of DNS ENISA – Athens Productive DNSSEC environments Lutz Donnerhacke IKS GmbH, Jena DNSSEC e164.arpa.

Network Security Marshall Leitem 11/30/04

Goals of soBGP Verify the origin of advertisements

APNIC Trial of Certification of IP Addresses and ASes

Improving global routing security and resilience

FIRST How can MANRS actions prevent incidents .

Amreesh Phokeer Research Manager AfPIF-10, Mauritius

Presentation transcript:

1 Securing BGP Large scale trust to build an Internet again Lutz Donnerhacke db089309: 1c1c 6311 ef09 d819 e029 65be bfb6 c9cb

2 A protocol from better times A protocol from the early Internet People were friendly and trustworthy Internet was a warm and fuzzy place BGP: protocol from admins for managers Main assumption: Routers do not lie Idea 1: Announce what you have Idea 2: Redistribute politically Inject locally, route globally

3 An example

4 Policy documentation Whois database Distributed store of resource allocation Database ensures correctness RPSL database Centralized store of peering information Both views of a peering: Sender / Receiver Detailed peering policy incl. filter, precedence Software available Generates router configuration

5 Threats to BGP Fat fingers Announcing wrong network Prepending foreign ASN Broken devices Bitflip in memory or transit Commercial/criminal attacks Redirect traffic (claim prefix, claim peering) Inject unallocated networks (sending Spam) Governmental/Lawful attacks Filtering traffic to protect the innocent

6 soBGP Trustworthy ISP approach Transport authorisations as BGP attribute Certifying assignment of a prefix by parent Each AS is a X.509-CA Certifying injection policy per prefix (which ASNs are/is/isn’t the first peerings) Certifying it own peering policy with peers Web of trust Resilience against erroneous behaviour Permitting multiple hierarchies

7 S(ecure)-BGP RPKI approach Transport authorisations as BGP attribute Certifying allocation of prefix/ASN top-down Each ISP is a X.509-CA Certifying injection policy: Prefixes per ASN Certifying it own routers to sign redistribution Trust anchor management Accessing various CA repositories

8 S-BGP operation Routers Access external caches for object verification Sign each update announcement New hardware for storage and crypto operation Resource deallocation Prefix updates time out => ~15 updates/s Certificate and CRL times out => rsync Only one structure Errors are disastrous Ideal for LE

9 An other approach RPSL / Whois Use it for non-local checks (was it allowed?) No modification to BGP protocol Skips gaps in deployment Fails to deal with non-public policies Use DNSSEC ? DNS as a trustworthy, distributed database Routers: Offload crypto to AD-bit, caching implicit Drastic RPSL simplification necessary

10 Comparison CriteriasoBGPSecure-BGPRPSLDNSSEC ASN AllocWeb of trustRPKIWhoisDNS Prefix AllocWeb of trustRPKIWhoisDNS Private IP/ASOther TA NoStub zone Router in ASValidated Unchecked Outgoing PeerValidatedTracedValidatedExistence Incoming PeerValidatedUncheckedValidatedExistence WithdrawUnchecked Validated Early scopeMany islandsFew islandsFull network BGP protocolChange Keep Router HWChange Keep Helper DeviceNoSimple CacheComplex APIResolver

11 Questions?

12 Why the approach is wrong

13 Why the approach is still wrong