Security Analysis of BGP


Presentation Transcript


  1. Security Analysis of BGP • Anupam Garg • Dungjade Shiowattana

  2. Introduction to BGP • BGP – Border Gateway Protocol • Protocol for inter- and intra-domain routing among Autonomous Systems (ASes). • How it works • Neighboring peers advertise their routing information • The AS decides on the best route among the information it gets • It then advertises its best route to its neighboring ASes

  3. Vulnerabilities in BGP • No mechanism to verify the authenticity and integrity of advertised routes • Routers can send incorrect information to their peers (either intentionally or by misconfiguration) • Blackhole effect: 1997 – A router misconfiguration advertised short routes to every IP address, disconnecting a significant portion of the Internet • Altering traffic flows • Eavesdropping on or tampering with Internet traffic • DoS attacks

  4. Threat Model • Routers can advertise invalid routes (either intentionally or by misconfiguration) • An invalid route is a route that does not exist in the Internet topology

  5. Related Work • Two main approaches • Assuming a Public Key Infrastructure • High overhead • High security • Not assuming a Public Key Infrastructure • More efficient • Less secure

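  6. Whisper Protocol • The recipient V verifies that two paths are consistent; if not, raise an alarm • (Diagram: P sends $g^{zP}$ on two paths to V, where $z$ is a secret; along A, B, C the value becomes $g^{zPA}$, $g^{zPAB}$, $s_2 = g^{zPABC}$; along X, Y it becomes $g^{zPX}$, $s_1 = g^{zPXY}$) • Verify $s_1^{ABC} = s_2^{XY}$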

  7. Secure BGP (S-BGP) • Assumes a Public Key Infrastructure • Communication over IPsec • Uses digital signatures to assure the authenticity and integrity of routing information • Each router signs the proposed path together with the recipient AS • Signature stored in PATH ATTRIBUTE field of BGP’s UPDATE packet

  8. S-BGP • (Diagram: ASes 1, 5, 2, 8, each UPDATE shown with its Path Attributes; RA = Route Attestation) • Path Attributes: AS path: 1; Attestations: RA (Signer: AS 1, Signature Expiry: …, Target: AS 5) • Path Attributes: AS path: 5,1; Attestations: RA (Signer: AS 5, Signature Expiry: …, Target: AS 2), RA (Signer: AS 1, Signature Expiry: …, Target: AS 5) • Path Attributes: AS path: 2,5,1; Attestations: RA (Signer: AS 2, Signature Expiry: …, Target: AS 8), RA (Signer: AS 5, Signature Expiry: …, Target: AS 2)

  9. Concerns about S-BGP • Replay attacks • Deployment issues • Signature computation and verification • Additional bandwidth & memory for signatures and certificates • Key distribution depends on correctness of BGP itself

  10. Our Analysis • An unavoidable attack • Analysis of Whisper • Analysis of S-BGP • Proposed improvement for S-BGP

  11. Unavoidable Attack • (Diagram: nodes X, N, M, A, B, D, S; legend: Actual Path, Advertised Path, Packet tunneling to X, Packet tunneling to B)

  12. Unavoidable Attack • Due to the nature of BGP • Any protocol built on BGP allows 3 colluding routers to propose a direct link between 2 of them • This cannot be detected even if all other nodes cooperate. • If only A and B collude, S cooperating with N can detect this (A claims a direct link to B, but sends traffic to B through N) • It cannot create a black hole effect

  13. Analysis of the Whisper Protocol • Needs a dense network • A large number of nodes in the current Internet have few connections • Cannot determine the point of error • Two colluding routers • can advertise any path between themselves • may successfully advertise a forged path to any node

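  14. Analysis of the Whisper Protocol • (Diagram: nodes P, W, Y, A, M, N, B, V; legend: Actual Path, Advertised Path; values shown: $g^{zP}$, $g^{zPW}$, $g^{zPWY}$, $g^{zPM}$, $g^{zPMN}$, $g^{xPA}$, $g^{xPMNB}$) • Whisper verifies $(g^{xPA})^{MNB} = (g^{xPMNB})^{A}$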

  15. Analysis of S-BGP • Two nodes can forge a direct link between them • (Diagram: nodes P, B, A, V, X, N; legend: Actual Path, Advertised Path; packet labels P1, P2; captions: "Packet signed by B with N as next node in the path", "Packet signed by B with A as next node in the path")

  16. Analysis of S-BGP • Replay attacks • Cannot replay expired packets • Must compromise IPsec session or the router • Expiration date • When a signature expires the router needs to resend the advertisement • Routing information of the whole network has to be refreshed in a certain time period • S-BGP allows the expiration date to be determined locally • Many routers refreshing on the same day will cause a flood of UPDATE messages • Otherwise, many routes will be refreshed frequently (i.e. every time a router along the route refreshes)

  17. Analysis of S-BGP • Withdraw messages • Withdraw messages are not verified • Authenticity of sender relies on IPsec • A compromised IPsec session or bad implementation (not verifying the sender against the route to be withdrawn) could allow an adversary to withdraw routes he is not authorized to withdraw

  18. Analysis of S-BGP • Interoperation with BGP • In the transition phase BGP packets will be sent encrypted (between S-BGP routers) and in the clear (to non-S-BGP routers) • This gives a large amount of known plaintext • Could compromise security of IPsec

  19. Proposed Improvement to S-BGP • Threshold security • Threshold k • Upon receiving an UPDATE packet • Verify the (at most k) signatures • Keep at most the k-1 latest signatures • Append own signature • Send UPDATE to neighbor • Same security guarantees as S-BGP as long as the number of colluding adversaries is less than k

  20. Proposed Improvement to S-BGP • Advantages • Needs to verify at most k signatures • Reduces the overhead and memory requirement for signature verification • Needs certificates of nodes at most k hops away • Reduces workload of PKI • Reduces memory for storing certificates • Update message contains at most k signatures • Less bandwidth required • Less memory required to store signatures

  21. Conclusions • Whisper is weak • S-BGP is promising, but is heavyweight • Threshold security can reduce the overheads involved with S-BGP, making it more practical

  22. Any Questions?
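
The Whisper consistency check from slides 6 and 14, as an added Python example that is not part of the original presentation. The modulus, base, secrets and AS numbers are constructed stand-ins for the slide letters, and the function names are hypothetical.

```python
from math import prod

# Constructed toy modulus (two known Mersenne primes) and base; not from the slides.
N_MOD = (2**127 - 1) * (2**61 - 1)
G = 3

def originate(secret, origin):
    """Origin AS seeds the whisper value g^(secret * origin) mod N."""
    return pow(G, secret * origin, N_MOD)

def along(sig, path):
    """Each AS on the path raises the value it received to its own AS number."""
    for as_id in path:
        sig = pow(sig, as_id, N_MOD)
    return sig

def consistent(s1, path1, s2, path2):
    """V's check from slide 6: s1^(product of path2) == s2^(product of path1)."""
    return pow(s1, prod(path2), N_MOD) == pow(s2, prod(path1), N_MOD)

# Constructed private-use AS numbers standing in for the slide letters.
P, A, B, C, X, Y, M, N = range(64512, 64520)

def honest_case(z=123456789):
    """Slide 6: both advertised paths really were walked from P's seed."""
    seed = originate(z, P)
    return consistent(along(seed, [X, Y]), [X, Y],
                      along(seed, [A, B, C]), [A, B, C])

def shortened_path_case(z=123456789):
    """C holds g^(zPABC) but claims the path is just [C]; A and B stay in the exponent."""
    seed = originate(z, P)
    return consistent(along(seed, [X, Y]), [X, Y],
                      along(seed, [A, B, C]), [C])

def colluding_case(x=987654321):
    """Slide 14: A and B agree on their own secret x and never use P's secret z."""
    s_a = pow(G, x * P * A, N_MOD)          # A claims path [A]
    s_b = pow(G, x * P * M * N * B, N_MOD)  # B claims path [M, N, B]
    return consistent(s_a, [A], s_b, [M, N, B])
```

The colluding case passes because the check only compares the two advertised values with each other; nothing ties either value to the origin's secret.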
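
The threshold procedure from slides 19 and 20 applied to the slide-8 topology, as an added Python example that is not the authors' or S-BGP's code. HMAC with constructed per-AS keys stands in for PKI signatures, and the dict layout and function names are hypothetical.

```python
import hashlib
import hmac

# Constructed per-AS keys; HMAC stands in for the PKI signatures S-BGP assumes.
KEYS = {asn: f"demo-key-{asn}".encode() for asn in (1, 5, 2, 8)}

def sign(signer, path, target):
    """Attest to `path` (newest AS first) as offered to `target`."""
    msg = f"{','.join(map(str, path))}->{target}".encode()
    return hmac.new(KEYS[signer], msg, hashlib.sha256).hexdigest()

def originate(asn, target):
    return {"path": [asn], "ras": [(asn, target, sign(asn, [asn], target))]}

def process(update, me, next_as, k):
    """Verify at most k attestations, keep the k-1 latest, append our own."""
    path, ras = update["path"], update["ras"]
    if not 1 <= len(ras) <= min(k, len(path)):
        raise ValueError("wrong number of attestations")
    for i, (signer, target, sig) in enumerate(ras):  # ras[0] is the newest
        expected_target = me if i == 0 else path[i - 1]
        if signer != path[i] or target != expected_target:
            raise ValueError(f"attestation {i} does not match the AS path")
        if not hmac.compare_digest(sig, sign(signer, path[i:], target)):
            raise ValueError(f"bad signature from AS {signer}")
    new_path = [me] + path
    own = (me, next_as, sign(me, new_path, next_as))
    return {"path": new_path, "ras": [own] + ras[:k - 1]}

def slide8_chain(k):
    """Walk the slide-8 chain 1 -> 5 -> 2 -> 8 and return what AS 8 would forward."""
    update = originate(1, 5)
    for me, nxt in ((5, 2), (2, 8), (8, 0)):  # 0 = placeholder next hop
        update = process(update, me, nxt, k)
    return update
```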