Post on 31-Jan-2016
description
SPV: Secure Path Vector Routing for Securing BGP
Leonel Ocsa Sáchez
leonel.ocsa.sanchez@hotmail.com
School of Computer Science
Economy and Critical Infrastructure
Internet
BGP
Security
SPV: Secure Path Vector Routing for Securing BGPPresented by: Leonel Ocsa Sáchez
Introduction
Internet Packet Routing
BGPBorder Gateway Routing
Protocol
•Trusted enviroment
•Minimal Security against attacks
Introduction
SPV: Secure Path Vector Routing for Securing BGPPresented by: Leonel Ocsa Sáchez
S-BGP Secure BGP Routing Protocol
Authenticating of messages
Internet Routers
Requieres Computationa
l efficiency
Receive a high
volumen of messages
Burst
Introduction
SPV: Secure Path Vector Routing for Securing BGPPresented by: Leonel Ocsa Sáchez
It’s necessary Public Keys, Private Keys should be minimized for authenticating
Introduction
SPV: Secure Path Vector Routing for Securing BGPPresented by: Leonel Ocsa Sáchez
BGP Security Threats
SPV Secure Path Vector
It’s considered active attackers that actively inject malicious traffic
Strong Attacker Model
Compromises Routers in the
network
There are two main attack classes:
•Denial of Service (DoS)
•Falsification Attacks
BGP Security Threats - Denial of Service DoS
The classic DoS attack is a resource exhaustic attack.
The attacker fabricates inputs to evoke the worst-case running time.
The attacker can inject malicious TCP packets (TCP poising)The attacker
could simply flood TCP 179
To starve out the TCP connection between the two
routers
BGP Security Threats – Falsification Attacks
The attacker has caused a routing loop
Closely Related Work – Hop by Hop Authentication
Hop by Hop Authentication
To prevent attacks against
eBGP TCP
However the disadvantage is:
The falsification of access route cannot be adressed
SPV: Secure Path Vector Routing for Securing BGPPresented by: Leonel Ocsa Sáchez
Closely Related Work – Securing BGP Updates
S-BGP
Certificates
An Adress Space PKI
An Ass Ownershi
p
The main Goal of S-BGP:Is to protect the ASPATH and prevent unauthorized advertisements of an IP prefix.
ASPATH
It´s a sequence of intermediate Ases between source an destination routers that form a direct route for packets to travel.
SPV: Secure Path Vector Routing for Securing BGPPresented by: Leonel Ocsa Sáchez
Securing BGP
SPV
Removes the need for
routers perform computationally
expensive public key
cryptographic operations and
to store asymmetric private keys
Develops an ASPATH
protector
Routers need only store the
short-lived primary keys
SPV: Secure Path Vector Routing for Securing BGPPresented by: Leonel Ocsa Sáchez
Securing BGP – Efficient Prefix Ownership Certificates
•It works with a smaller blocks service providers.
•Service providers often delegate blocks to their costumers.
•At each step in the delegation, the recipient of the address block an aymmetric prefix primary key to the represent the block.
•The address issuer uses it prefix private key to sign the prefix .
SPV: Secure Path Vector Routing for Securing BGPPresented by: Leonel Ocsa Sáchez
Securing BGP – Cryptographic MechanismsThis system uses Merkle hash trees.
For this it’s posible to use a hash function like MD5
One way hash chains
This makes impossible for an
attacker to derive values
The main property of values of one-way chain is that once the receiver trusts that a value v_i is authentic, it can derive all following values of the chain, so an adversary cannot derive later values.
SPV: Secure Path Vector Routing for Securing BGPPresented by: Leonel Ocsa Sáchez
Securing BGP – Cryptographic MechanismsSPV uses hash trees for three purposes:
•To authenticate the values of the single-ASN private key.•To authenticate several single-ASN public keys.•To authenticate de epoch public keys.
SPV: Secure Path Vector Routing for Securing BGPPresented by: Leonel Ocsa Sáchez
Securing BGP – Basic ASPATH Protector
SPV: Secure Path Vector Routing for Securing BGPPresented by: Leonel Ocsa Sáchez
Securing BGP – Basic ASPATH Protector
SPV: Secure Path Vector Routing for Securing BGPPresented by: Leonel Ocsa Sáchez
Securing BGP – Advanced ASPATH Protector
SPV: Secure Path Vector Routing for Securing BGPPresented by: Leonel Ocsa Sáchez
Evaluation - SPV Security against Attacks
For compute the security against signature forgery, and use these results to derive the parameters: n (number of private values per one-time signature) m (number of private values disclosed per one-time signature).
This graphic shows the probabilty of a number of attacks to be successfull
In particular, the attacker will not have a certificate for the correct prefix
The attacker is also generally unable to truncate arbitrary ASPATHs
SPV: Secure Path Vector Routing for Securing BGPPresented by: Leonel Ocsa Sáchez
Evaluation - Comparison to S-BGP
S-BGP SPV
•Ensuring that an S-BGP AS cannot be falsely added to the ASPATH.• In S-BGP, threshold cryptogra- phy could be used, wherein peers together generate a key for the non-deploying AS, and use a separate protocol to sign UPDATEs for each other.•S-BGP ensures that each AS on the ASPATH has been transited by the UPDATE, and that ASNs cannot be dropped from the ASPATH.
•SPV does not achieve any properties in this case.• In SPV, a single entity computes the private keys, and signs each peer’s ASN into every UPDATE that would be protected by that private key.•In SPV, an attacker controlling two ASes can insert bogus ASNs between its two ASNs. In addition, as an AS receives several UPDATEs from a single prefix, this increment the probability truncate.SPV: Secure Path Vector Routing for Securing BGP
Presented by: Leonel Ocsa Sáchez
Evaluation - Comparison to S-BGP
SPV: Secure Path Vector Routing for Securing BGPPresented by: Leonel Ocsa Sáchez
Evaluation – Performance EvaluationComputational Overhead
When an AS connects to many peers, the UPDATEs received over one second often take BGP over 100 seconds to process in software
SPV: Secure Path Vector Routing for Securing BGPPresented by: Leonel Ocsa Sáchez
Conclusions
•Secure BGP software implementations enjoy at least a 20-fold speedup over digital signatures
•SPV is a protocol leveraging symmetric-key cryptography for securing against the truncation and modification attacks. SPV is configurable to allow tradeoffs between security and CPU usage.
•SPV introduces three novel concepts to the design space of se- cure routing protocols: first, it includes private keys within the UPDATEs themselves; second, it does not authenticate the AS that inserts itself onto the path and finally, it provides security not by requiring overwhelming computational complexity
•SPV is much faster than S-BGP, so SPV would perform better in periods of high BGP traffic
•When replay attacks are considered a threat, SPV allows for shorter timeouts than does S-BGP, and therefore can more effectively secure against replay attacks.
SPV: Secure Path Vector Routing for Securing BGPPresented by: Leonel Ocsa Sáchez
SPV: Secure Path Vector Routing for Securing BGP
Leonel Ocsa Sáchez
leonel.ocsa.sanchez@hotmail.com
School of Computer Science