Towards Secure Interdomain Routing For Dr Aggarwal 60

Towards Secure Interdomain Routing For Dr. Aggarwal 60 -592 Win 2004 1

Content Background n Current protocol n Security problems n Solutions n Conclusion n Reference n 2

Background n Routing Determine the path that IP packets take to go from their source to their destination n Interdomain Routing Routers (compute desired path) are grouped together called Autonomous Systems (Management Domains). Inter-Autonomous System routing. 3

Current Protocol n Border Gateway Protocol RFC 1771 & 1772, March 1995 n BGP-4 along with Interior Gateway Protocol (IGP) n AS announces IP address ranges called prefixes n Full AS paths enforces routing policies n Local traffic, transit traffic n AS – Stub AS, Multihomed AS, Transit AS 4

Attributes Weight n Local preference n Multi-exit discriminator n Origin n AS_path n Next. Hop n Community n 5

Security Problems n Message may not be correct and authentic n Path may not be authentic n AS may not have the authority to advertise a prefix 6

Solutions n Secure Border Gateway Protocol (SBGP) n Internet Route validation (IRV) n Secure Origin BGP (so. BGP) n Origin Authentication Services 7

S-BGP n IP security protocol suite Encapsulating Security Payload (ESP) n new BGP path attribute with attestations - route attestations - address attestations n Public Key Infrastrcture(PKI) - public key certificates 8

IRV n IRV servers maintain routing data received and advertised n Validation by out-of-band mechanism and potentially secure protocol 9

so. BGP n Entity. Cert – ties an AS number to a public key with attested keys as root keys n Auth. Cert (in Prefix Policy. Cert) – ties an AS to a block of addresses n ASPolicy. Cert – verifies that the advertiser does have a path to the destination Note: new BGP message (SECURITY) 10

Deployment Option n Direct Certificate Exchange - exchange certificates with their peers n Exchange by Edge Router - edge routers exchange certificates - internal servers process information 11

Origin Authentication Services n Formalization n Modeling n Simulation n Evaluation 12

Formalization n ASN = {1, 2, …K} be the set of all Autonomous System Numbers, K = 2 16 O be the set of all organizations which can own prefixes S be the set of all BGP speaking organizations C be an organization; C S and ASN(C) be the set of AS numbers current assigned to C IPA = {0, 1}l be the set of all l-bit IP addresses; l=32 for IPv 4 and l =64 for IPv 6 x/j is the address prefix (often called prefix) If y/k is a prefix of C. Address assignments or delegations can be formally expressed as a) (C, y/k, n) where n ASN; C assigns y/k to an AS number n b) (C, y/k, C’) where C’ O; C delegates y/k to C’ c) (C, y/k, R); C declares y/k as RESERVED thus neither advertised nor delegated 13

Delegation Path n Valid - ownership source is IANA - path is monotonic - path is acyclic - assignment edge is ASN-respecting ( ASN(C), R or ) 14

Modeling n Origin Authentication Services - Delegation path is valid - Set of delegation attestations is verified - assignment edge is certified n Delegation Attestations - Simple delegation attestation - Authenticated delegation list - Authentication Delegation Tree - Authentication Delegation Dictionaries 15

Simulation n Trace-based simulation on a single BGP speaker on April 2, 2003. 653649 UPDATE messages are recorded over a 24 hour period n Four models are implemented: - simple attestation - AS authenticated delegation list - Authenticated delegation trees 16

Observation n Signature validation (ordered most costly to the least) - n simple attestation AS authenticated delegation list Authenticated delegation trees On-line and Off-line Origin Authentication - Authenticated delegation lists are significantly more expensive n Caching - Tree scheme outperforms the others n Caching without organization load - authenticated delegation lists out-performs AS authenticated delegation list 17

Evaluation n Discussed Origin Authentication Services Models are feasible n Approximation of the delegation graph is supported by studies of BGP n Underestimated ownership sources and delegation would not affect the quality of the result 18

Conclusion n BGP is problematic n Secure Border Gateway Protocol - studied since 1996 is not complete n Internet Route Verification - solved only part of the problems n Secure Origin Border Gateway Protocol - not deployed n Origin authentication service – resource costs can be significantly reduced 19

Reference n 1. W. Aiello, J. Ioannidis, P. Mc. Daniel. Origin Authentication in Interdomain Routing. In Proceedings of the 10 th ACM Conference on Computer and Communication Security, page 165 – 178, October 2003, Washington, DC, USA n 2. K. Seo, C. Lynn, and S. Kent. Public-Key Infrastruture for the Secure Border Gateway Protocol (S-BGP). In Proceedings of DARPA Information Survivability Conference and Exposition II. IEEE, June 2001 n 3. Y. Rekhter and T. Li. A Border Gateway Protocol 4 (BGP 4). Internet Engineering Task Force, March 1995. RFC 1771. n 4. Y. Rekhter and P. Gross. Application of the Border Gateway Protocol in the Internet, March 1995. RFC 1772 20