Interdomain Routing Security. How Secure are BGP Security Protocols? Some strange assumptions? – Focused on attracting traffic from as many ASes as possible.


1 Interdomain Routing Security

2 How Secure are BGP Security Protocols?
Some strange assumptions?
– Focused on attracting traffic from as many ASes as possible
– Subprefix attacks not considered
– Can prefix lists be generated easily? (the evil of multi-homing)

3 Outline
Security goals for interdomain routing
– Secure message exchange
– Prefix ownership and attributes
– Agreement with the forwarding path
– Preventing resource exhaustion
BGP (in)security today
– Best common practices
Proposed security enhancements
– Secure BGP (S-BGP)
– Anomaly-detection schemes
Discussion

4 Security Goals

5 Secure Message Exchange Between Neighbors
Confidential BGP message exchange
– Can two ASes exchange messages without someone watching?
No denial of service
– Prevent CPU overload, session reset, and tampered BGP messages?
[Figure labels: BGP session, physical link]

6 Validity of Route Announcements
Origin authentication
– Is the prefix owned by the AS announcing it?
[Figure: ASes 1 to 7; prefix 12.34.0.0/16]

7 Validity of Route Announcements
AS path authentication
– Is AS path the sequence of ASes the BGP update traversed?
[Figure: ASes 1 to 7; announced paths “7 5 6” and “4 6”]

8 Adherence to Business Contracts
AS path policy
– Does the AS path adhere to the routing policies of each AS?
– Is a path announced when it should be?
[Figure labels: customer, peers]

9 Correspondence to the Data Path
Agreement between control and data plane
– Does the traffic follow the advertised AS path?
[Figure: ASes 1 to 7; announced paths “7 5 6” and “4 5 6”]

10 Preventing Resource Exhaustion
Limiting the size of the BGP table
– Can the router run out of memory?
– Storing routes for many prefixes, with long paths?
Limiting the number of BGP messages
– Can the router run out of CPU and bandwidth?
– Due to flapping prefixes, duplicate messages, etc.
[Figure label: BGP sessions]

11 BGP (In)Security Today

12 BGP Security: Applying Best Common Practices
Securing the BGP session
– Authentication, encryption, TTL tricks
Filtering routes by prefix and AS path
– Preventing your customers from hijacking others
Resetting attributes to default values
– Preventing your peers from tricking you
Packet filters to block unexpected BGP traffic
– Blocking port 179 from unexpected places
Preventing resource exhaustion
– Limiting #prefixes/session, and prefix lengths

13 Best Practice is Not Good Enough
Depends on vigilant application of BCPs
– By your neighbors, and your neighbors’ neighbors, and your neighbors’ neighbors’ neighbors
– And nobody making configuration mistakes!
Doesn’t address fundamental problems
– Can’t tell who owns the IP address block
– Can’t tell if the AS path is bogus or invalid
– Can’t be sure data packets follow the chosen route
– Can’t easily bound the memory requirements

14 Security Enhancements to BGP

15 Secure BGP (S-BGP)
Address attestations
– Claim the right to originate a prefix
– Signed and distributed out-of-band
– Checked through delegation chain from ICANN
Route attestations
– Distributed as an attribute in BGP update message
– Signed by each AS as route traverses the network
– Signature signs previously attached signatures
S-BGP can validate
– AS path indicates the order ASes were traversed
– No intermediate ASes were added or removed
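
A minimal model of the nested route attestations on this slide, added here as an illustration; it is not code from the presentation or from any S-BGP implementation. The payload encoding, the use of Ed25519, the inclusion of the next AS in each signed payload, and the AS numbers and keys are assumptions constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Attestation: Signer vouches that it advertised the route to Target.
type Attestation struct {
	Signer, Target uint32
	Sig            []byte
}

// payload covers prefix, path so far, next AS and the previous signature (assumed encoding).
func payload(prefix string, path []uint32, target uint32, prev []byte) []byte {
	return append([]byte(fmt.Sprintf("%s|%v|%d|", prefix, path, target)), prev...)
}

// Verify walks the chain from the origin AS, checking each nested signature.
func Verify(prefix string, chain []Attestation, keys map[uint32]ed25519.PublicKey) error {
	path, prev := []uint32{}, []byte(nil)
	for i, a := range chain {
		path = append(path, a.Signer)
		pub, known := keys[a.Signer]
		addressed := i == 0 || chain[i-1].Target == a.Signer // previous hop sent it to this AS
		if !known || !addressed || !ed25519.Verify(pub, payload(prefix, path, a.Target, prev), a.Sig) {
			return fmt.Errorf("attestation %d (AS%d) does not verify", i, a.Signer)
		}
		prev = a.Sig
	}
	return nil
}

// Demo signs the constructed route 6 -> 5 -> 7 -> 4, then checks two tampered copies.
func Demo() (valid, hopRemoved, wrongPrefix error) {
	const pfx = "12.34.0.0/16" // constructed sample prefix
	keys := map[uint32]ed25519.PublicKey{}
	chain, prev := []Attestation{}, []byte(nil)
	hops := []uint32{6, 5, 7, 4}
	for i := 0; i+1 < len(hops); i++ {
		pub, priv, _ := ed25519.GenerateKey(nil) // throwaway per-AS key pair
		keys[hops[i]] = pub
		prev = ed25519.Sign(priv, payload(pfx, hops[:i+1], hops[i+1], prev))
		chain = append(chain, Attestation{hops[i], hops[i+1], prev})
	}
	shorter := []Attestation{chain[0], chain[2]} // AS5 removed from the path
	return Verify(pfx, chain, keys), Verify(pfx, shorter, keys), Verify("12.34.0.0/17", chain, keys)
}

func main() { fmt.Println(Demo()) }
```

Because each signature covers the one before it, removing AS5 or swapping in a different prefix invalidates the chain even though every individual key is genuine.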

16 S-BGP Deployment Challenges
Complete, accurate registries
– E.g., of prefix ownership
Public Key Infrastructure
– To know the public key for any given AS
Cryptographic operations
– E.g., digital signatures on BGP messages
Need to perform operations quickly
– To avoid delaying response to routing changes
Difficulty of incremental deployment
– Hard to have a “flag day” to deploy S-BGP

17 S-BGP
Prevents many threats
– Prefix hijacking
– Route modification
But not others
– Collusion: two ASes claiming to have an edge
– Policy violation: distributing a route from one provider to another
– Data-plane attacks: announcing one path but using another
– Resource exhaustion: announcing too many routes

18 Anomaly-Detection Schemes
Monitoring BGP update messages
– Use past history as an implicit registry
– E.g., AS that announces each address block
– E.g., AS-level edges and paths
Out-of-band detection mechanism
– Generate reports and alerts
– Internet Alert Registry: http://iar.cs.unm.edu/
– Prefix Hijack Alert System: http://phas.netsec.colostate.edu/
Soft response to suspicious routes
– Prefer routes that agree with the past
– Delay adoption of unfamiliar routes when possible
– Some (e.g., misconfiguration) will disappear on their own
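
A sketch of the "past history as an implicit registry" check, added here as an illustration; it is not code from the presentation or from the IAR or PHAS systems named above. The verdict labels and sample announcements are constructed, and the check goes slightly beyond the slide by also flagging more-specific (subprefix) announcements from an origin AS not seen for the covering block.

```go
package main

import (
	"fmt"
	"net/netip"
)

// History is the implicit registry: origin ASes previously seen for each prefix.
type History map[netip.Prefix]map[uint32]bool

// Learn records an announcement taken from past, trusted observations.
func (h History) Learn(prefix string, origin uint32) {
	p := netip.MustParsePrefix(prefix).Masked()
	if h[p] == nil {
		h[p] = map[uint32]bool{}
	}
	h[p][origin] = true
}

// Check classifies a new announcement; anything but "familiar" merits a report or a delay.
func (h History) Check(prefix string, origin uint32) string {
	p := netip.MustParsePrefix(prefix).Masked()
	if origins := h[p]; origins[origin] {
		return "familiar"
	} else if len(origins) > 0 {
		return "new-origin" // known prefix, AS never seen originating it
	}
	covered, sameOwner := false, false
	for known, origins := range h {
		if known.Bits() < p.Bits() && known.Contains(p.Addr()) {
			covered, sameOwner = true, sameOwner || origins[origin]
		}
	}
	if covered && !sameOwner {
		return "subprefix-new-origin" // more-specific of a block another AS announces
	}
	return "unfamiliar" // never seen, but no conflict with history
}

// DemoHistory checks constructed announcements against a one-entry history.
func DemoHistory() []string {
	h := History{}
	h.Learn("12.34.0.0/16", 6)
	return []string{
		h.Check("12.34.0.0/16", 6), h.Check("12.34.0.0/16", 7),
		h.Check("12.34.128.0/17", 7), h.Check("12.34.128.0/17", 6),
	}
}

func main() { fmt.Println(DemoHistory()) }
```

A router applying the soft response would keep using the "familiar" route and hold the other three until they persist or an operator confirms them.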

19 Anomaly-Detection Schemes
Risk of false positives
– Temporarily (?) avoiding legitimate routes
Risk of false negatives
– Possibly vulnerable to a smart adversary
Can detect some paths S-BGP cannot
– E.g., announcing from one provider to another
Does not prevent all attacks
– Does not prevent collusion or data-plane attacks
More amenable to incremental deployment

20 Discussion

21 Security Goals
What kind of attacks should we withstand?
– Misconfiguration?
– Control-plane adversary?
– Colluding adversaries?
– Data-plane adversaries?
What solution would we want, from scratch?
– S-BGP?
– Data-plane path verification?
– Multipath routing?
What kind of solution can be deployed?
– S-BGP? Anomaly detection? Multipath routing?

22 Conclusions
BGP is highly vulnerable
– Based on trust, even of ASes many hops away
BGP security is a serious problem
– Blackholing, snooping, impersonating, spamming
Defining the threat is challenging, too
– Control-plane validation or much, much more?
Incremental deployment is a real challenge
– Bootstrapping a PKI (though this has improved)
Still a very active area of research

