Security Analysis of BGP
Anupam Garg, Dungjade Shiowattana
Introduction to BGP
• BGP – Border Gateway Protocol
• Protocol for inter- and intra-domain routing among Autonomous Systems (ASes)
• How it works
  • Neighboring peers advertise their routing information
  • The AS decides on the best route among the information it receives
  • It then advertises its best route to its neighboring ASes
Vulnerabilities in BGP
• No mechanism to verify the authenticity and integrity of advertised routes
• Routers can send incorrect information to their peers (either intentionally or by misconfiguration)
• Blackhole effect: in 1997 a router misconfiguration advertised short routes to every IP address, disconnecting a significant portion of the Internet
• Altering traffic flows
• Eavesdropping on or tampering with Internet traffic
• DoS attacks
Threat Model
• Routers can advertise invalid routes (either intentionally or by misconfiguration)
• An invalid route is a route that does not exist in the Internet topology
Related Work
• Two main approaches
  • Assuming a Public Key Infrastructure
    • High overhead
    • High security
  • Not assuming a Public Key Infrastructure
    • More efficient
    • Less secure
Whisper Protocol
• The recipient V verifies that two paths are consistent; if not, it raises an alarm
[Figure: origin P holds secret z and emits g^{zP}; along the path P → A → B → C → V the value becomes g^{zPA}, g^{zPAB}, then s2 = g^{zPABC}; along the path P → X → Y → V it becomes g^{zPX}, then s1 = g^{zPXY}]
• Verify s1^{ABC} = s2^{XY}
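A runnable model of the consistency check on this slide, added here as an example (it is not code from the slides or from the Whisper authors). It assumes, as a reading of the slide's notation, that the value carried in the advertisement lives in a prime-order subgroup of Z_p^* for a safe prime p = 2q+1 (found at start-up so the example is self-contained), that the generator is g = 4, and that each AS contributes its AS number as an exponent: the origin P with secret z emits g^{zP} and a hop A turns g^{…} into g^{…A}. The AS numbers and the secret are constructed toy values. The recipient's test s1^{ABC} = s2^{XY} passes when both advertisements really came from the same origin over the paths they claim, and fails when a hop that processed the value is missing from the claimed path:

```python
"""Toy model of the Whisper consistency check (added example, not the slides' code).

Assumptions (not from the slides): a safe-prime group p = 2q+1 found at
start-up, generator g = 4 (a quadratic residue, so of order exactly q), and
AS numbers used directly as exponents.  All AS numbers below are toy values.
"""
from math import prod

MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n):
    """Miller-Rabin; with these fixed bases the answer is exact for n < 3.3e24."""
    if n < 2:
        return False
    for b in MR_BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def find_safe_prime(start):
    """Smallest safe prime p = 2q+1 with prime q >= start."""
    q = start | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


P_MOD, Q_ORDER = find_safe_prime(2 ** 61)   # constructed toy group (~62-bit)
G = 4                                        # order exactly Q_ORDER


def originate(secret_z, origin_as):
    """Origin P with secret z emits g^(z*P) mod p (the slide's g^zP)."""
    return pow(G, secret_z * origin_as, P_MOD)


def forward(value, as_number):
    """Each hop raises what it received to its own AS number."""
    return pow(value, as_number, P_MOD)


def whisper_value(secret_z, origin_as, hops):
    """Value that reaches the recipient after the origin and the given hops."""
    value = originate(secret_z, origin_as)
    for hop in hops:
        value = forward(value, hop)
    return value


def consistent(s1, hops1, s2, hops2):
    """Recipient V's check from the slide: s1^(hops2) == s2^(hops1).

    Both sides equal g^(z*P*hops1*hops2) when the two advertisements came
    from the same origin over the paths they claim.
    """
    return pow(s1, prod(hops2), P_MOD) == pow(s2, prod(hops1), P_MOD)


def check_advertisements(adv1, adv2):
    """adv = (value, claimed_hops); returns 'ok' or 'alarm' as V would."""
    return "ok" if consistent(adv1[0], adv1[1], adv2[0], adv2[1]) else "alarm"


if __name__ == "__main__":
    z, P = 101, 7                        # constructed secret and origin AS
    A, B, C, X, Y = 11, 13, 17, 19, 23   # constructed AS numbers
    s2 = whisper_value(z, P, [A, B, C])  # path P-A-B-C-V
    s1 = whisper_value(z, P, [X, Y])     # path P-X-Y-V
    print(check_advertisements((s1, [X, Y]), (s2, [A, B, C])))   # ok
    # A hop D=29 processed the value, but the path delivered to V claims B:
    bad = whisper_value(z, P, [A, 29, C])
    print(check_advertisements((s1, [X, Y]), (bad, [A, B, C])))  # alarm
```

Because the exponents in the toy run are far smaller than the subgroup order q, two different claimed paths can never collide in the group, which is what makes the "alarm" outcome deterministic here. Note that the check only compares the two advertisements against each other: when the alarm fires, V learns that the pair is inconsistent but not which path is the wrong one, which is the point made on the "Analysis of the Whisper Protocol" slide.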
Secure BGP (S-BGP)
• Assumes a Public Key Infrastructure
• Communication over IPsec
• Uses digital signatures to ensure the authenticity and integrity of routing information
• Each router signs the proposed path together with the recipient AS
• Signature stored in the PATH ATTRIBUTE field of BGP's UPDATE packet
S-BGP
[Figure: a route originated by AS 1 propagates 1 → 5 → 2 → 8]
UPDATE from AS 1 to AS 5
  Path Attributes: AS path: 1
  Attestations:
    RA: Signer: AS 1, Signature, Expiry: …, Target: AS 5
UPDATE from AS 5 to AS 2
  Path Attributes: AS path: 5,1
  Attestations:
    RA: Signer: AS 5, Signature, Expiry: …, Target: AS 2
    RA: Signer: AS 1, Signature, Expiry: …, Target: AS 5
UPDATE from AS 2 to AS 8
  Path Attributes: AS path: 2,5,1
  Attestations:
    RA: Signer: AS 2, Signature, Expiry: …, Target: AS 8
    RA: Signer: AS 5, Signature, Expiry: …, Target: AS 2
RA = Route Attestation
Concerns about S-BGP
• Replay attacks
• Deployment issues
  • Signature computation and verification
  • Additional bandwidth and memory for signatures and certificates
  • Key distribution depends on the correctness of BGP itself
Our Analysis
• An unavoidable attack
• Analysis of Whisper
• Analysis of S-BGP
• Proposed improvement for S-BGP
Unavoidable Attack
[Figure: nodes S, N, M, A, B, D, X; legend: Actual Path, Advertised Path; labels "Packet tunneling to X" and "Packet tunneling to B"]
Unavoidable Attack
• Due to the nature of BGP
• Any protocol built on BGP allows 3 colluding routers to propose a direct link between 2 of them
• This cannot be detected even if all other nodes cooperate
• If only A and B collude, S cooperating with N can detect this (A claims a direct link to B, but sends traffic to B through N)
• It cannot create a blackhole effect
Analysis of the Whisper Protocol
• Needs a dense network
  • A large number of nodes in the current Internet have few connections
• Cannot determine the point of error
• Two colluding routers
  • can advertise any path between themselves
  • may successfully advertise a forged path to any node
Analysis of the Whisper Protocol
[Figure: origin P emits g^{zP}; the honest path P → W → Y → V carries g^{zPW}, g^{zPWY}; the actual path P → M → N → B carries g^{zPM}, g^{zPMN}, with A and B colluding; V receives g^{xPA} via A and g^{xPMNB} via B; legend: Actual Path, Advertised Path]
Whisper verifies (g^{xPA})^{MNB} = (g^{xPMNB})^{A}
Analysis of S-BGP
• Two nodes can forge a direct link between them
[Figure: nodes P, B, A, V, X, N; paths P1 and P2; legend: Actual Path, Advertised Path; labels "Packet signed by B with N as next node in the path" and "Packet signed by B with A as next node in the path"]
Analysis of S-BGP
• Replay attacks
  • Cannot replay expired packets
  • Must compromise the IPsec session or the router
• Expiry date
  • When a signature expires the router needs to resend the advertisement
  • Routing information of the whole network has to be refreshed within a certain time period
  • S-BGP allows the expiration date to be determined locally
    • Many routers refreshing on the same day will cause a flood of UPDATE messages
    • Otherwise, many routes will be refreshed frequently (i.e. every time a router along the route refreshes)
Analysis of S-BGP
• Withdraw messages
  • Withdraw messages are not verified
  • Authenticity of the sender relies on IPsec
  • A compromised IPsec session or a bad implementation (not verifying the sender against the route to be withdrawn) could allow an adversary to withdraw routes he is not authorized to withdraw
Analysis of S-BGP
• Interoperation with BGP
  • In the transition phase BGP packets will be sent encrypted (between S-BGP routers) and in the clear (to non-S-BGP routers)
  • This gives a large amount of known plaintext
  • Could compromise the security of IPsec
Proposed Improvement to S-BGP
• Threshold security
  • Threshold k
  • Upon receiving an UPDATE packet
    • Verify the (at most k) signatures
    • Keep at most the k-1 latest signatures
    • Append own signature
    • Send UPDATE to neighbor
  • Same security guarantees as S-BGP as long as the number of colluding adversaries is less than k
Proposed Improvement to S-BGP
• Advantages
  • Needs to verify at most k signatures
    • Reduces the overhead and memory requirement for signature verification
  • Needs certificates only of nodes at most k hops away
    • Reduces the workload of the PKI
    • Reduces the memory for storing certificates
  • UPDATE message contains at most k signatures
    • Less bandwidth required
    • Less memory required to store signatures
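A runnable model serving both the S-BGP route-attestation slides (the 1 → 5 → 2 → 8 example) and the threshold-k procedure above, added here as an example; it is not code from the slides, from S-BGP, or from the authors. The assumptions are mine: signatures are stood in for by HMAC-SHA256 under a per-AS key held in a constructed dictionary (S-BGP itself uses PKI-backed digital signatures); UPDATE messages carry the AS path newest-first, as the slide writes "2,5,1", with attestations in the same order; and each attestation binds the signer, the target (recipient) AS, the path as the signer advertised it, and an expiry. With `k=None` the receiver behaves as plain S-BGP and requires an attestation from every AS on the path; with a threshold `k` it verifies only the k most recent hops and, when forwarding, keeps the k-1 latest attestations before appending its own:

```python
"""Toy S-BGP route-attestation chain with the threshold-k variant (added example).

Assumptions (not from the slides): HMAC-SHA256 under per-AS keys stands in
for PKI signatures; AS paths and attestation lists are ordered newest-first.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed per-AS secrets; in S-BGP these would be the ASes' private keys.
AS_KEYS = {1: b"as1-key", 5: b"as5-key", 2: b"as2-key", 8: b"as8-key"}


@dataclass(frozen=True)
class RouteAttestation:
    signer: int                 # AS that signed
    target: int                 # neighbour the UPDATE was sent to
    as_path: Tuple[int, ...]    # path as the signer advertised it, signer first
    expiry: int                 # seconds since the epoch
    signature: bytes


def _payload(signer, target, as_path, expiry):
    return f"{signer}|{target}|{','.join(map(str, as_path))}|{expiry}".encode()


def sign_attestation(signer, target, as_path, expiry):
    sig = hmac.new(AS_KEYS[signer], _payload(signer, target, as_path, expiry),
                   hashlib.sha256).digest()
    return RouteAttestation(signer, target, tuple(as_path), expiry, sig)


def attestation_valid(ra, now):
    """Signature verifies under the signer's key and has not expired."""
    if now >= ra.expiry:
        return False
    expected = hmac.new(AS_KEYS[ra.signer],
                        _payload(ra.signer, ra.target, ra.as_path, ra.expiry),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, ra.signature)


@dataclass(frozen=True)
class Update:
    as_path: Tuple[int, ...]                    # newest AS first
    attestations: Tuple[RouteAttestation, ...]  # newest first


def verify_update(update, receiver, now, k: Optional[int] = None):
    """Check the attestation chain as the receiving AS.

    k=None is plain S-BGP: every AS on the path must have attested.
    With threshold k only the k most recent hops are checked.
    """
    path, ras = update.as_path, update.attestations
    hops_to_check = len(path) if k is None else min(k, len(path))
    if len(ras) < hops_to_check:
        return False
    for i in range(hops_to_check):
        ra = ras[i]
        # Attestation i must come from path[i], cover the path suffix it
        # advertised, and name the next AS towards the receiver as target.
        expected_target = receiver if i == 0 else path[i - 1]
        if (ra.signer != path[i] or ra.target != expected_target
                or ra.as_path != path[i:]):
            return False
        if not attestation_valid(ra, now):
            return False
    return True


def originate(origin, receiver, now, ttl):
    ra = sign_attestation(origin, receiver, (origin,), now + ttl)
    return Update((origin,), (ra,))


def forward_update(update, sender, receiver, now, ttl, k=None):
    """Verify, keep at most the k-1 latest attestations, append own, send on."""
    if not verify_update(update, sender, now, k):
        raise ValueError("refusing to propagate an UPDATE that fails verification")
    new_path = (sender,) + update.as_path
    kept = update.attestations if k is None else update.attestations[:k - 1]
    ra = sign_attestation(sender, receiver, new_path, now + ttl)
    return Update(new_path, (ra,) + kept)


if __name__ == "__main__":
    now, ttl = 1_000_000, 3600                     # constructed clock values
    u1 = originate(1, 5, now, ttl)                 # AS 1 -> AS 5
    u2 = forward_update(u1, 5, 2, now, ttl)        # AS 5 -> AS 2
    u3 = forward_update(u2, 2, 8, now, ttl, k=2)   # AS 2 -> AS 8, threshold 2
    print(u3.as_path, [ra.signer for ra in u3.attestations])  # (2, 5, 1) [2, 5]
    print(verify_update(u3, 8, now, k=2))          # True
```

With `k=2` the message that reaches AS 8 carries exactly the two attestations listed on the S-BGP slide (signed by AS 2 and AS 5), and AS 8 verifies only those two plus their chaining to the path; the same message fails under `k=None` because plain S-BGP wants an attestation from AS 1 as well. The chaining condition (each attestation's target must be the AS that appears just before it in the path) is what stops a valid attestation from being re-used for a different next hop, and the expiry check is what drives the refresh behaviour criticised on the "Expiry date" slide.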
Conclusions
• Whisper is weak
• S-BGP is promising, but is heavyweight
• Threshold security can reduce the overheads involved with S-BGP, making it more practical