sign what you really care about secure bgp as paths efficiently n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Sign What You Really Care About -- Secure BGP AS Paths Efficiently PowerPoint Presentation
Download Presentation
Sign What You Really Care About -- Secure BGP AS Paths Efficiently

Loading in 2 Seconds...

play fullscreen
1 / 28

Sign What You Really Care About -- Secure BGP AS Paths Efficiently - PowerPoint PPT Presentation


  • 99 Views
  • Uploaded on

Sign What You Really Care About -- Secure BGP AS Paths Efficiently. Yang Xiang , Z. Wang , J. Wu, X. Shi, X. Yin Tsinghua University, Beijing AsiaFI 2011 @ Deajeon. Outline. Introduction Background Our Proposal: FS-BGP FS-BGP: Fast Secure BGP Evaluation Discussion.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Sign What You Really Care About -- Secure BGP AS Paths Efficiently' - monte


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
sign what you really care about secure bgp as paths efficiently

Sign What You Really Care About-- Secure BGP AS Paths Efficiently

Yang Xiang, Z. Wang, J. Wu, X. Shi, X. Yin

Tsinghua University, Beijing

AsiaFI 2011 @ Deajeon

outline
Outline
  • Introduction
    • Background
    • Our Proposal: FS-BGP
  • FS-BGP: Fast Secure BGP
  • Evaluation
  • Discussion

FS-BGP, THU, AsiaFI 2011

ip prefix hijacking
IP Prefix Hijacking
  • Routing information in BGP can not be verified
  • Through prefix hijacking, attacker may drop, intercept or tamper traffic towards specific prefix
    • Malicious attack:DoD prefix be hijacked, spammer
    • Mis-configuration: Pakistan Telecom hijacked Youtube, China Telecom hijacked 10% Internet

Prefix hijacking: AS4 hijacks prefix f

FS-BGP, THU, AsiaFI 2011

how to
How to …
  • Short-term goal: detect
    • Analyze anomalies in routing information
    • Whisper [NSDI`04], PGBGP [ICNP`06], …
    • Cons: can not grantee correctness and real-time
  • Long-term goal: prevent
    • Information authentication, secure routing info.
    • S-BGP, IRV, S-A, soBGP, psBGP, SPV, …
    • Cons: high security and low cost, can not have both.

FS-BGP, THU, AsiaFI 2011

s bgp
S-BGP
  • The most secure schema
  • Route Attestations (RA) to secure the path
    • {msg}ai: signature on msgsigned by ai

FS-BGP, THU, AsiaFI 2011

cons of s bgp
Cons of S-BGP
  • S-BGP actually singed the whole path, including the recipient AS
  • So many paths
    • unbearable computational cost
  • Dilemma of the Expiration-date
    • Long: unable to defend replay attack
    • Short: destroy the whole system

FS-BGP, THU, AsiaFI 2011

substitutes for s bgp
Substitutes for S-BGP
  • soBGP
    • Infeasible paths exist
  • IRV
    • Query Latency; hard to maintain authority server
  • SPV
    • Complex state info.; probabilistically guarantee
  • S-A
    • Only for signing; need to pre-establish neighbor list

FS-BGP, THU, AsiaFI 2011

our proposal fs bgp f ast s ecure bgp
Our ProposalFS-BGP: Fast Secure BGP
  • How to secure the path
    • CSA (Critical path Segment Attestation) to secure the AS path
    • SPP (Suppressed Path Padding) to protect the optimal path and prevent effective hijacking
  • Security
    • All the authenticated paths are feasible path
    • Achieves similar level of security as S-BGP
  • Computational cost (on backbone router)
    • Singing cost: ~0.6%of S-BGP
    • Verification cost: ~3.9%of S-BGP

FS-BGP, THU, AsiaFI 2011

outline1
Outline
  • Introduction
  • FS-BGP: Fast Secure BGP
    • CSA: Critical Segment Attestation
    • SPP: Suppressed Path Padding
  • Evaluation
  • Discussion

FS-BGP, THU, AsiaFI 2011

announcement restrictions in bgp
Announcement Restrictions in BGP
  • Best route announcing
    • Temporary restriction
    • Local preference and other metrics
  • Selective import & export policy
    • Persistentrestriction
    • Neighbor based import and export: contracts ($$) are between neighbor Ases
    • Feasible path: exist in AS-level graph & obey the policy

FS-BGP, THU, AsiaFI 2011

critical path segment
Critical Path Segment
  • In path:pn= <an+1 , an , …, a0>, the Critical Path Segment ci owned by ai is
  • Those adjacent AS triples actually describes part of routing policies of the corresponding owner
    • ci=<ai+1, ai, ai-1> meansaican (and already) announce routes toai+1 which are import fromai-1
    • If every owner signs the critical segment in a current announcing path, the consequent ASes will be able to verify the received whole path

FS-BGP, THU, AsiaFI 2011

slide12

{msg}ai:signature of msg signed by ai

FS-BGP:CSA

{a4a3a2}a3

{a3a2a1}a2

{a2a1a0}a1

{a1a0}a0

〈a0〉

〈a1a0〉

〈a2a1a0〉

〈a3a2a1a0〉

a0

a1

a2

a3

a4

{a1a0}a0

{a2a1a0}a1

{a3a2a1a0}a2

{a4a3a2a1a0}a3

S-BGP:RA

FS-BGP, THU, AsiaFI 2011

signatures in fs bgp and s bgp
Signatures in FS-BGP and S-BGP

Signatures for the path: pn=<an+1, an, an-1, …, a0>

FS-BGP

S-BGP

FS-BGP, THU, AsiaFI 2011

cost reduction
Cost Reduction
  • (# total critical segment)<< (# total AS path)
  • If we use a small cache, the cost will be sharply decreased
    • S-BGP: an receiveskpaths, signs k signatures
    • FS-BGP: an receives k paths, signs 1 signature

FS-BGP, THU, AsiaFI 2011

outline2
Outline
  • Introduction
  • FS-BGP: Fast Secure BGP
    • CSA: Critical Segment Attestation
    • SPP: Suppressed Path Padding
  • Evaluation
  • Discussion

FS-BGP, THU, AsiaFI 2011

csa achieves feasible path authentication
CSA achieves Feasible Path Authentication
  • Paths can be verified in FS-BGP are all feasible paths [Theorem 1]

Signed paths

in S-BGP

Signed paths

in FS-BGP

All feasible

paths

1. Outdated path

2. Current path

3. All not announced path

1. Outdated path

2. Current path

3. Revealed path

1. Outdated path

2. Current path

FS-BGP, THU, AsiaFI 2011

forge a path in fs bgp is possible
Forge a path in FS-BGP is possible
  • Forged path (Revealed path) in FS-BGP
    • Using authenticated path segments, manipulator can construct forged path, which is feasible but currently not announced.
  • amforgepath pd

a4construct pathpf,then hijack prefixf

FS-BGP, THU, AsiaFI 2011

conditions of effective hijacking
Conditions of Effective Hijacking
  • (1) Forge a path in FS-BGP is very difficult
    • Must be constructed using received authenticated path segments
    • Must not be announced by the intermediate ASes
    • Can not be shorter than 5 hops [Theorem 3]
  • (2) Forged path is still feasible, and only temporarily not received by the attacker!
    • Consider effective hijacking: the traffic is not forwarded by the attacker under normal status
  • (3) Only short enough forge-pathcan be used for an effective hijacking [Theorem 2]

FS-BGP, THU, AsiaFI 2011

prevent effective hijacking
Prevent Effective Hijacking
  • Using ASPP, can grantee that attacker can not concatenate short enough forge path
  • Not short enough: other paths are not shorter than the optimal path (longest live-time)

{a4, a3, a2}a3

{a4, a3, 3, a2}a3

pf=<a5, a4, a3, a3, a3, a2, a1>

FS-BGP, THU, AsiaFI 2011

spp suppressed path padding
SPP: Suppressed Path Padding
  • Suppressed Path: paths with lower local preference in the decision process
  • Suppressed path may shorter than optimal path
  • SPP:
    • General
    • Optional
    • Easy to Implement

Computeki:

  • Basic decision process:
  • Highest Local Preference (LP)
  • Shortest Path Length (PL)
  • Tie Breaks (TB)
  • Path categories:
  • Suppressed Path
  • Sub-optimal Path
  • Optimal Path

FS-BGP, THU, AsiaFI 2011

outline3
Outline
  • Introduction
  • FS-BGP: Fast Secure BGP
  • Evaluation
    • Security Level
    • Computational Cost
  • Discussion

FS-BGP, THU, AsiaFI 2011

security level
Security Level

Current

Path

FSBGP

S-BGP

FSBGP (no SPP)

Security

Feasible

Path

soBGP

Infeasible

Path

Low

High

Cost

FS-BGP, THU, AsiaFI 2011

computational cost
Computational Cost
  • 30 days’ real BGP updates from backbone routers

S-BGP

S-BGP

FS-BGP

FS-BGP

FS-BGP, THU, AsiaFI 2011

# verifications in every second

# signings in every second

outline4
Outline
  • Introduction
  • FS-BGP: Fast Secure BGP
  • Evaluation
  • Discussion
    • Support complicated routing policies
    • Protect privacy

FS-BGP, THU, AsiaFI 2011

complicated routing policies
Complicated Routing Policies
  • ASmay use complicate route filters to describe their routing policies
    • Prefix filter:
    • Path filter:
    • Origin filter:
  • FS-BGPcan flexibly extend and support route filters

 Included feasibleprefixes into CSA

 Sign whole path

 Included feasible origins into CSA

FS-BGP, THU, AsiaFI 2011

revisit the route filters
Revisit the route filters
  • Quantity of route filter
    • According our statistical result in IRR database, only a very small portion of policies use route filters
  • Purpose of route filter
    • Some (i.e., origin/path filter) are set forsecurity considerations, rather than policy requirements.
    • Others (i.e., prefix filter) are set for traffic engineering, to identifying the preference of a route, rather than the feasibility of a path

FS-BGP, THU, AsiaFI 2011

privacy protection
Privacy Protection
  • Privacy: customer list …
  • FS-BGP can protect privacy data
    • Message spreading manner is same to BGP
    • Path segments not reveal additional info.
    • Path segments can only be passively received by valid BGP UPDATEreceivers
    • Do NOT offer any kinds of public accessible policy database

FS-BGP, THU, AsiaFI 2011

thanks
Thanks!
  • FS-BGP: Fast Secure BGP
    • CSA: Critical Segment Attestation
    • SPP: Suppressed Path Padding
  • Evaluation
    • Similar security level as S-BGP
    • Reduced the cost by orders of magnitude
    • Support complicated routing policies
    • Protect privacy

Q&A

FS-BGP, THU, AsiaFI 2011