Secure Origin BGP: What is (and isn't) in a name? Dan Wendlandt Princeton Routing Security Reading...
-
Upload
elaine-flowers -
Category
Documents
-
view
216 -
download
0
Transcript of Secure Origin BGP: What is (and isn't) in a name? Dan Wendlandt Princeton Routing Security Reading...
![Page 1: Secure Origin BGP: What is (and isn't) in a name? Dan Wendlandt Princeton Routing Security Reading Group.](https://reader036.fdocuments.net/reader036/viewer/2022082519/56649f165503460f94c2c4db/html5/thumbnails/1.jpg)
Secure Origin BGP: What is (and isn't) in a name?
Dan WendlandtPrinceton Routing
Security Reading Group
![Page 2: Secure Origin BGP: What is (and isn't) in a name? Dan Wendlandt Princeton Routing Security Reading Group.](https://reader036.fdocuments.net/reader036/viewer/2022082519/56649f165503460f94c2c4db/html5/thumbnails/2.jpg)
History
Created by Cisco engineers as a light-weight
(computation and PKI) alternative to s-bgp.
Originally only secured “origin” of routes, but
topology information added later for additional
security.
Goal: A more real-world and usable system
![Page 3: Secure Origin BGP: What is (and isn't) in a name? Dan Wendlandt Princeton Routing Security Reading Group.](https://reader036.fdocuments.net/reader036/viewer/2022082519/56649f165503460f94c2c4db/html5/thumbnails/3.jpg)
Certificate Types
Entity Cert: Organization -> ASN, Public Key
Policy Cert: ASN -> Neighbors, Security
Parameters
Authorization Cert: ASN -> Network Prefixes,
meta-data
![Page 4: Secure Origin BGP: What is (and isn't) in a name? Dan Wendlandt Princeton Routing Security Reading Group.](https://reader036.fdocuments.net/reader036/viewer/2022082519/56649f165503460f94c2c4db/html5/thumbnails/4.jpg)
Changes to BGP
New “Security” Message (ie: updates are not used
for security data). Ability to “ask” neighbor for security certificates. Authorization, Entity Certificate and Path
Database
![Page 5: Secure Origin BGP: What is (and isn't) in a name? Dan Wendlandt Princeton Routing Security Reading Group.](https://reader036.fdocuments.net/reader036/viewer/2022082519/56649f165503460f94c2c4db/html5/thumbnails/5.jpg)
“Web of Trust” for Public Keys
Root of Entity Cert trust hierarchy is not
necessarily ICANN, but instead a group of “well-
known entities”. It could also be private entity
like Verisign, or a collection of tier-1 ISPs. Ambiguity with respect to Auth Certs (need
ICANN hierarchy or not?)
![Page 6: Secure Origin BGP: What is (and isn't) in a name? Dan Wendlandt Princeton Routing Security Reading Group.](https://reader036.fdocuments.net/reader036/viewer/2022082519/56649f165503460f94c2c4db/html5/thumbnails/6.jpg)
Origin Auth + Path “Plausibility”
Originating AS's are validated much like s-BGP AS-Path's are checked plausibility against
topology database, not attested with cryptography
Path Check bits in Policy Cert. Security Preference allows for “fuzzy” match.
![Page 7: Secure Origin BGP: What is (and isn't) in a name? Dan Wendlandt Princeton Routing Security Reading Group.](https://reader036.fdocuments.net/reader036/viewer/2022082519/56649f165503460f94c2c4db/html5/thumbnails/7.jpg)
Processing Updates
Find Auth Cert for this prefix in local database. If route is originated by an ASN in the cert,
continue, else discard If path-check bit is set, check that each hop in the
AS-PATH exists in both directions in the path
database (alternately, just check 1st hop). Set “security preference” and install in RIB.
![Page 8: Secure Origin BGP: What is (and isn't) in a name? Dan Wendlandt Princeton Routing Security Reading Group.](https://reader036.fdocuments.net/reader036/viewer/2022082519/56649f165503460f94c2c4db/html5/thumbnails/8.jpg)
Other Benefits
Policy Flexibility (let's you split an update,
advertising some prefixes, but not others) Less verification load vs path attestation (still need
crypto hardware though?). Robustness to gaps in deployment? Ability to “outsource” certificate validation to
servers, provide routers with databases. Include policy information in certificates (AS X
may not transit this route, etc)
![Page 9: Secure Origin BGP: What is (and isn't) in a name? Dan Wendlandt Princeton Routing Security Reading Group.](https://reader036.fdocuments.net/reader036/viewer/2022082519/56649f165503460f94c2c4db/html5/thumbnails/9.jpg)
Dirty “Little” Issues
Peer links advertised (confidentiality)? Aggregation Determining extent of trust propagation within
web-of-trust. Difference between path plausibility and path
attestation? Where is database stored? Memory Issues in
keeping AS-level topology? Incremental Deployment needs multi-hop BGP
sessions to participants.
![Page 10: Secure Origin BGP: What is (and isn't) in a name? Dan Wendlandt Princeton Routing Security Reading Group.](https://reader036.fdocuments.net/reader036/viewer/2022082519/56649f165503460f94c2c4db/html5/thumbnails/10.jpg)
References
ftp://ftp-eng.cisco.com/sobgp/index.html Extensions to BGP to Support Secure Origin BGP:
draft-ng-sobpg-bgp-extensions-01.txt soBGP Architecture & Deployment: draft-white-
sobgp-architecture-01.txt