130 likes | 294 Views
SoBGP vs SBGP. Sharon Goldberg Princeton Routing Security Seminar June 27, 2006 and July 11, 2006. sBGP Review. A purist approach to secure the control plane using a centralized security approach Origin Authentication Origin Authentication Public Key Infrastructure (PKI)
E N D
SoBGP vs SBGP Sharon Goldberg Princeton Routing Security Seminar June 27, 2006 and July 11, 2006
sBGP Review • A purist approach to secure the control plane using a centralized security approach • Origin Authentication • Origin Authentication Public Key Infrastructure (PKI) • Signed “Address Attestations” • Path Authentication • Autonomous System (AS) PKI • Nested Signatures in UPDATE Messages (Route Attestations)
Origin Authentication – PKI Delegation Heirarchy Delegate Allocate ICANN Regional Registries Subscriber Organizations ISPs DSPs DSPs Subscriber Organizations Subscriber Organizations Subscriber Organizations Subscriber Organizations Subscriber Organizations A Canadian Example
SBGP – Origin Authentication • Given a Address Attestation [AS #848, 128.12.50.0/24]Private Key of Bank of Montreal • Verify Using the Origin Authentication PKI • First check for the next level certificate [Public Key of BMO, 128.12.50.0/22]Private Key of Bell Canada • And then the next level certificate [Public Key of Bell Canada, 128.12.0.0/16]Private Key of ARIN • And then the next level certificate [Public Key of ARIN, 128.0.0.0/8]Private Key of ICANN • And then everyone knows the Public Key of ICANN
AS # and Router Association PKI ICANN Regional Registries Subscriber Organizations ISPs DSPs BGP SPEAKER Bgp-spker-23-342 AS#23 AS#34
SBGP – Path Authentication • Given a Route Attestation (a secure update message) For the network below: [1]----[2]------[3]------[4] [1] Sends to [2]: {1,2}_1 (i.e. (a path from 1 to 2) signed by 1) [2] Sends to [3]: {1,2}_1 , {2,3}_2 [3] Sends to [4]: {1,2}_1 , {2,3}_2, {3,4}_3 • Verify Each Signature usingthe Router Association PKI • First check for the next level certificate [Public Key PrincetonU - AS #1 - BGP Speaker #rtr_pton1_no4]PrincetonU • And then the next level certificate [Public Key PrincetonU, AS #1, AS#1001]ARIN • And then the next level certificate [Public Key ARIN, AS #1, AS #2, …, AS#1001,.., AS#4678] ICANN • And then everyone knows the Public Key of ICANN Owned by PrincetonU
SoBGP vs SBGP • The similarities: • Both secure only the control plane • Both do origin authentication • Both cannot defend against colluding adversaries (using wormhole in sBGP, using two lying PolicyCerts in SoBGP) • Both are only “fuzzily” effective if incrementally deployed
Nomenclature and So On… • Origin Authentication: • SoBGP AuthCert =sBGP Address Attestation = [AS#, IP prefix]Private Key of Signer • sBGP also has an OA PKI but SoBGP doesn’t b/c of Web of Trust • Path Authentication / Plausibiltiy: • SoBGP PolicyCerts (an AS lists the connections it has) • sBGP Route Attestation (a nested, signed AS path in each UPDATE msg) • SoBGP also has EntityCerts (a Web of Trust to bind PK’s to AS#’s) • sBGP also has an RA PKI
Path Plausibility vs Path Authentication • Is Path Authentication stronger than Path Plausibility? “Since each AS in sBGP is authentication a relationship between itself and its predecessor and successor ASes, the set of acceptable AS paths in sBGP is a subset of the set paths acceptable under SoBGP” • Path Lengthening attack can be done in P Plausibility but not PA • What about a Path Shortening attack ? (assuming no colluding adversaries and full deployment) • In SoBGP path shortening violates topology database • In SBGP it violates the structure of the RA chain (next slide)
A neat aside: Nested vs Pairwise Route Attestations • With nested RA’s the following path shortening attack works: • But, if we use pairwise RA’s, the attack fails: (4,(3,(2,1 )2 ) 3 ) 4 (2,1) 2 4 (3,(2,1 )2 ) 3 (4,(2,1 )2 ) 4 3 2 1 (4,3)3 (3,2)2 (2,1)1 (2,1) 1 4 (3,2)2 (2,1)1 3 2 1 (4,3)3 (2,1)1
Another Neat Aside: SBGP does not bind OA to PA • Recall that SBGP transmitts: • RA’s (e.g. (4,3)3 (3,2)2 (2,1)1 ) in the UPDATE message. • AA (e.g. [AS #848, 128.12.50.0/24]Private Key of Bank of Montreal) out of band • Routing Certs and Origin Authentication Certs out of band • Therefore, SBGP does not bind an prefix to a path! • eg. Suppose what should have been sent was • 10.10.10.0/24 (4,3)4 (3,2)3 (2,1)2 • 45.45.45.0/24 (4,30)4 (30,2)30 (2,1)2 • And instead, malicious 2 sent: • 10.10.10.0/24 (4,3)4 (3,2)3 (2,1)2 • 45.45.45.0/24 (4,3)4 (3,2)3(2,1)2 30 Prefix 45.45.45.0/24 4 3 2 1 Prefix 10.10.10.0/24
SoBGP vs SBGP: Discussion • An now for Dan’s comments on performance… • How does Aggregation impact Origin Authentication? • With Web of Trust you can do anything!!! • Not so good with a centralized PKI. • SBGP vs SoBGP incremental deployment ? • Is WoT easier to deploy than PKI? • Benefits of partial deployment? • SoBGP has a new SECURITY message that could cause problems • Other thoughts?