
SoBGP vs SBGP
Sharon Goldberg
Princeton Routing Security Seminar
June 27, 2006
and
July 11, 2006
Princeton University
Lightwave Communications Research Laboratory
sBGP Review
• A purist approach to securing the control plane using a centralized security approach
• Origin Authentication
– Origin Authentication Public Key Infrastructure (PKI)
– Signed “Address Attestations”
• Path Authentication
– Autonomous System (AS) PKI
– Nested Signatures in UPDATE Messages (Route Attestations)
Origin Authentication – PKI Delegation Hierarchy
[Diagram: ICANN delegates address space to the Regional Registries, which allocate it to ISPs, DSPs and Subscriber Organizations; ISPs and DSPs in turn allocate to Subscriber Organizations.]
Type         Subject        Signer
Root         ICANN          ICANN
Registry     Regional Reg   ICANN
ISP/DSP      ISP/DSP        Reg/ICANN
Subscriber   Subscriber     ISP/Reg/ICANN
A Canadian Example
Type         Subject                    Addresses        Signature
Root         ICANN                      All              By ICANN
Registry     ARIN (US+Canada Region)    10.0.0.0/8       By ICANN
ISP/DSP      Bell Canada                10.10.0.0/16     By ARIN
Subscriber   Bank of Montreal           10.10.10.0/24    By Bell Canada
SBGP – Origin Authentication
• Given an Address Attestation
[AS #848, 128.12.50.0/24]Private Key of Bank of Montreal
• Verify Using the Origin Authentication PKI
– First check for the next level certificate
[Public Key of BMO, 128.12.50.0/22]Private Key of Bell Canada
– And then the next level certificate
[Public Key of Bell Canada, 128.12.0.0/16]Private Key of ARIN
– And then the next level certificate
[Public Key of ARIN, 128.0.0.0/8]Private Key of ICANN
– And then everyone knows the Public Key of ICANN
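The certificate walk above as an added example (not from the slides): HMAC-SHA256 under constructed per-party secrets stands in for the PKI's public-key signatures, the certificate chain is constructed to mirror the slide, and the verifier checks three things at every level up to the ICANN anchor: a valid signature by the named signer, that the certificate was issued to the party who signed the level below, and that each prefix is contained in its parent allocation. The slide's 128.12.50.0/22 is not on a /22 boundary, so ip_network is called with strict=False.

```python
import hashlib
import hmac
import ipaddress

# Constructed keys: HMAC-SHA256 under a per-party secret stands in for the
# PKI's public-key signatures (an assumption made so the example runs offline).
KEYS = {"ICANN": b"k-icann", "ARIN": b"k-arin",
        "Bell Canada": b"k-bell", "BMO": b"k-bmo"}

def sign(signer, payload):
    return hmac.new(KEYS[signer], payload.encode(), hashlib.sha256).hexdigest()

def sig_ok(signer, payload, sig):
    return signer in KEYS and hmac.compare_digest(sign(signer, payload), sig)

def net(prefix):
    # strict=False: the slide's 128.12.50.0/22 is not on a /22 boundary
    return ipaddress.ip_network(prefix, strict=False)

def make_cert(subject, prefix, signer):
    """Address-allocation certificate [subject, prefix] signed by signer."""
    return (subject, prefix, signer, sign(signer, f"{subject}|{prefix}"))

# The slide's chain, constructed: BMO <- Bell Canada <- ARIN <- ICANN (anchor)
CHAIN = [make_cert("BMO", "128.12.50.0/22", "Bell Canada"),
         make_cert("Bell Canada", "128.12.0.0/16", "ARIN"),
         make_cert("ARIN", "128.0.0.0/8", "ICANN")]

def make_aa(asn, prefix, signer):
    """Address Attestation [AS asn, prefix] signed by the prefix holder."""
    return (asn, prefix, signer, sign(signer, f"{asn}|{prefix}"))

def verify_origin(aa, chain, anchor="ICANN"):
    """Walk from the Address Attestation up to the anchor. Every level must
    (1) carry a valid signature by its named signer, (2) be issued to the
    party that signed the level below, and (3) cover the prefix below it."""
    asn, prefix, holder, sig = aa
    if not sig_ok(holder, f"{asn}|{prefix}", sig):
        return False
    covered = net(prefix)
    for subject, cert_prefix, signer, cert_sig in chain:
        if subject != holder or not sig_ok(signer, f"{subject}|{cert_prefix}", cert_sig):
            return False
        if not covered.subnet_of(net(cert_prefix)):
            return False            # prefix escapes its parent allocation
        holder, covered = signer, net(cert_prefix)
    return holder == anchor         # chain must end at the key everyone knows
```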
AS # and Router Association PKI
[Diagram: ICANN sits above the Regional Registries; below them, Subscriber Organizations, ISPs and DSPs hold AS numbers (e.g. AS#23, AS#34), and each AS certifies its BGP speakers (e.g. Bgp-spker-23-342).]
Type          Subject                  Extensions                    Signer
Root          ICANN                    All AS #’s                    ICANN
Registry      Regional Reg             AS #’s owned by Subject       ICANN
AS Owner      ISP/DSP or Subscriber    AS #’s owned by Subject       Reg/ICANN
AS            AS Number                AS # (only 1) of subject      ISP/DSP or Subscriber
BGP Speaker   BGP Speaker              AS #, Router ID of subject    ISP/DSP or Subscriber
SBGP – Path Authentication
• Given a Route Attestation (a secure update message) for the network below, where [1] is owned by PrincetonU:
[1]----[2]------[3]------[4]
[1] Sends to [2]: {1,2}_1 (i.e. (a path from 1 to 2) signed by 1)
[2] Sends to [3]: {1,2}_1, {2,3}_2
[3] Sends to [4]: {1,2}_1, {2,3}_2, {3,4}_3
• Verify Each Signature using the Router Association PKI
– First check for the next level certificate
[Public Key PrincetonU - AS #1 - BGP Speaker #rtr_pton1_no4]PrincetonU
– And then the next level certificate
[Public Key PrincetonU, AS #1, AS#1001]ARIN
– And then the next level certificate
[Public Key ARIN, AS #1, AS #2, …, AS#1001,.., AS#4678] ICANN
– And then everyone knows the Public Key of ICANN
SoBGP vs SBGP
• The similarities:
– Both secure only the control plane
– Both do origin authentication
– Both cannot defend against colluding adversaries (using wormhole in sBGP, using two lying PolicyCerts in SoBGP)
– Both are only “fuzzily” effective if incrementally deployed
• SoBGP:
– Web of Trust
– Fuzzy Security Level
– New SECURITY Message
– No crypto per UPDATE msg
– Path Plausibility (Static)
• SBGP:
– PKI
– Fixed Security Level
– Signed UPDATE Messages
– Crypto required per UPDATE msg
– Path Authentication (Dynamic)
Nomenclature and So On…
• Origin Authentication:
– SoBGP AuthCert = sBGP Address Attestation =
[AS#, IP prefix]Private Key of Signer
– sBGP also has an OA PKI but SoBGP doesn’t because of Web of Trust
• Path Authentication / Plausibility:
– SoBGP PolicyCerts (an AS lists the connections it has)
– sBGP Route Attestation (a nested, signed AS path in each
UPDATE msg)
– SoBGP also has EntityCerts (a Web of Trust to bind PK’s to AS#’s)
– sBGP also has an RA PKI
Path Plausibility vs Path Authentication
• Is Path Authentication stronger than Path Plausibility?
“Since each AS in sBGP is authenticating a relationship between itself and
its predecessor and successor ASes, the set of acceptable AS paths in
sBGP is a subset of the set of paths acceptable under SoBGP”
– Path Lengthening attack can be done in Path Plausibility but not Path Authentication
– What about a Path Shortening attack?
(assuming no colluding adversaries and full deployment)
• In SoBGP path shortening violates topology database
• In SBGP it violates the structure of the RA chain (next slide)
A neat aside: Nested vs Pairwise Route Attestations
• With nested RA’s the following path shortening attack works:
– 2 signs the route from 1 as (2,1)_2
– 2 sends to 3: (2,1)_2; 3 sends to 4: (3,(2,1)_2)_3
– 4 should send on (4,(3,(2,1)_2)_3)_4
– Instead, 4 strips 3’s layer and sends (4,(2,1)_2)_4
• But, if we use pairwise RA’s, the attack fails:
– 1 sends to 2: (2,1)_1
– 2 sends to 3: (3,2)_2 (2,1)_1
– 3 sends to 4: (4,3)_3 (3,2)_2 (2,1)_1
– 4 can only send (4,3)_3 (2,1)_1, which lacks any link from 3 to 2
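Both RA forms simulated as an added example (not from the slides, which describe the idea only): HMAC-SHA256 under constructed per-AS secrets stands in for the per-AS signatures. A receiver of nested RAs, as modelled on the slide, accepts 4's shortened (4,(2,1)_2)_4 because no layer names its next hop; a receiver of pairwise RAs rejects both the shortened (4,3)_3 (2,1)_1 and a forged (4,2) link, since each link must be signed by its own AS and chain into the next.

```python
import hashlib, hmac

# Constructed per-AS secrets: HMAC-SHA256 stands in for the per-AS signatures
# (an assumption so the example runs offline; sBGP uses public-key signatures).
KEYS = {n: f"as{n}-key".encode() for n in range(1, 5)}

def sign(asn, payload):
    return hmac.new(KEYS[asn], payload.encode(), hashlib.sha256).hexdigest()

def sig_ok(asn, payload, sig):
    return asn in KEYS and hmac.compare_digest(sign(asn, payload), sig)

# Nested RAs as on the slide: (asn, inner, sig); the origin has no inner RA.
def nested_payload(asn, inner):
    return f"{asn}|{inner[2] if inner else 'origin'}"

def nested_sign(asn, inner):
    return (asn, inner, sign(asn, nested_payload(asn, inner)))

def nested_path(ra):
    """Peel layers outermost first; origin-first AS path, or None on a bad
    signature. No layer names the *next* hop, which is what 4 exploits."""
    path = []
    while ra:
        asn, inner, sig = ra
        if not sig_ok(asn, nested_payload(asn, inner), sig):
            return None
        path.append(asn)
        ra = inner
    return path[::-1]

# Pairwise RAs: AS i signs the link (next, i) it hands to its successor.
def pair_sign(asn, nxt):
    return (nxt, asn, sign(asn, f"{nxt}|{asn}"))

def pairwise_path(links):
    """links run newest hop first, e.g. (4,3)_3 (3,2)_2 (2,1)_1. Each link must be
    signed by its own AS, and that AS must be 'next' in the link that follows."""
    if not links:
        return None
    path = []
    for i, (nxt, frm, sig) in enumerate(links):
        if not sig_ok(frm, f"{nxt}|{frm}", sig):
            return None                  # forged or unsigned link
        if i > 0 and links[i - 1][1] != nxt:
            return None                  # dropped link: chain does not connect
        path.append(nxt)
    path.append(links[-1][1])
    return path[::-1]
```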
Another Neat Aside: SBGP does not bind OA to PA
• Recall that SBGP transmits:
– RA’s (e.g. (4,3)3 (3,2)2 (2,1)1) in the UPDATE message.
– AA (e.g. [AS #848, 128.12.50.0/24]Private Key of Bank of Montreal) out of band
– Routing Certs and Origin Authentication Certs out of band
• Therefore, SBGP does not bind a prefix to a path!
• e.g. Suppose what should have been sent was
– 10.10.10.0/24 (4,3)4 (3,2)3 (2,1)2
– 45.45.45.0/24 (4,30)4 (30,2)30 (2,1)2
• And instead, malicious 2 sent:
– 10.10.10.0/24 (4,3)4 (3,2)3 (2,1)2
– 45.45.45.0/24 (4,3)4 (3,2)3 (2,1)2
[Diagram: AS 1 connects to AS 2; AS 2 reaches AS 4 through AS 3 (the route for prefix 10.10.10.0/24) and through AS 30 (the route for prefix 45.45.45.0/24).]
SoBGP vs SBGP: Discussion
• And now for Dan’s comments on performance…
• How does Aggregation impact Origin Authentication?
• With Web of Trust you can do anything!!!
• Not so good with a centralized PKI.
• SBGP vs SoBGP incremental deployment ?
• Is WoT easier to deploy than PKI?
• Benefits of partial deployment?
• SoBGP has a new SECURITY message that could cause problems
• Other thoughts?