limiting the power of rpki authorities
play

Limiting the Power of RPKI Authorities Kris Shrishak Haya Shulman - PowerPoint PPT Presentation

Dec 13, 2023 •178 likes •586 views

Applied Networking Research Workshop 2020 acm sigcomm Limiting the Power of RPKI Authorities Kris Shrishak Haya Shulman TU Darmstadt and Fraunhofer SIT Motivation - Resource Public Key Infrastructure (RPKI) secures the interdomain routing

  1. Applied Networking Research Workshop 2020 acm sigcomm Limiting the Power of RPKI Authorities Kris Shrishak Haya Shulman TU Darmstadt and Fraunhofer SIT

  2. Motivation - Resource Public Key Infrastructure (RPKI) secures the interdomain routing against prefix and subprefix hijacks - However, significant power lies with the Regional Internet Registries (RIRs) This Work - Distributed RPKI system that relies on threshold signatures - Prevention rather than detection - Ensures that any change to the RPKI objects requires a joint action by a number of RIRs, avoiding unilateral IP address takedowns - No changes required at Relying Parties 1 / 19

  3. Outline RPKI MPC Our work

  4. Prefix hijacks 2 / 19

  5. RPKI RPKI [RFC 6480] is a hierarchical PKI that includes: Routing Certificate (RC) Binds IP prefix to a public key Route Origin Authorization (ROA) Binds the prefix to AS - Signed by the public key associated with the RC Route Origin Validation (ROV) Validates the origin of BGP route announcements RPKI is a prerequisite for BGPSec [RFC 8205] that provides path validation. 3 / 19

  6. Delegated and Hosted RPKI Delegated RPKI - Members run their own CA - Member generates its own certificate, gets it signed by the parent CA 1 https://ripe77.ripe.net/presentations/156-RPKI-deployment-at-scale-RIPE-1.pdf 4 / 19

  7. Delegated and Hosted RPKI Delegated RPKI - Members run their own CA - Member generates its own certificate, gets it signed by the parent CA Hosted RPKI - RIR runs the CA for the members and manages the keys and repo - Convenient option for members as they do need to run their own CAs - Even some large providers such as Cloudflare use hosted RPKI 1 1 https://ripe77.ripe.net/presentations/156-RPKI-deployment-at-scale-RIPE-1.pdf 4 / 19

  8. Delegated and Hosted RPKI Delegated RPKI - Members run their own CA - Member generates its own certificate, gets it signed by the parent CA Hosted RPKI - RIR runs the CA for the members and manages the keys and repo - Convenient option for members as they do need to run their own CAs - Even some large providers such as Cloudflare use hosted RPKI 1 1 https://ripe77.ripe.net/presentations/156-RPKI-deployment-at-scale-RIPE-1.pdf 4 / 19

  9. Power imbalance - RPKI authorities can revoke and allocations - RPKI authorities can unilaterally takedown IP prefixes - Law enforcement 2 3 - ASes not necessarily in the same country as the RIR (no recourse, loss of business) - RIRs do not usually collude with each other, and often disagree with each other when it comes to their response to law enforcement agencies 4 2 RIPE NCC Blocks Registration in RIPE Registry Following Order from Dutch Police (2011) 3 ICANN Tells U.S. Court That ccTLDs Are Not “Property” — Files Motion to Quash in U.S. Legal Action Aimed at Seizing Top-Level Domains (2014) 4 M. Mueller, M. van Eeten, and B. Kuerbis. In important case, RIPE-NCC seeks legal clarity on how it responds to foreign court orders (2011) 5 / 19

  10. Prior Works - Adding transparency logs and .dead objects to signify consent 5 - Relying parties take a part of the burden - Detection after the fact - Parent manages the signing in hosted RPKI and can sign the .dead objects itself - Blockchain to replace RPKI 6 - Scalability - Deployment issues such as consensus algorithm and incentive for the nodes to run the blockchain - If Proof-of-Stake is used, large providers will become powerful players; another form of power imbalance 5 Heilman, et. al. From the consent of the routed: Improving the transparency of the RPKI (SIGCOMM’14) 6 Adiseshu Hari and T. V. Lakshman. The Internet blockchain: A distributed, tamper-resistant transaction framework for the Internet (HotNets’16) 6 / 19

  11. Outline RPKI MPC Our work

  12. Multiparty Computation (MPC) x 2 Trusted Third Party x 1 x 3 7 / 19

  13. Multiparty Computation (MPC) x 2 x 2 MPC Trusted Third Party x 1 x 1 x 3 x 3 7 / 19

  14. MPC Threshold Signatures Traditional Signatures Threshold Signatures { sk 1 , sk 2 , sk 3 } ← Share (sk) sk sk 2 MPC Indistinguishable sk 1 sk 3 8 / 19

  15. MPC Threshold Signatures Traditional Signatures Threshold Signatures { sk 1 , sk 2 , sk 3 } ← Share (sk) sk sk 2 MPC Indistinguishable sk 1 sk 3 8 / 19

  16. Outline RPKI MPC Our work

  17. Threat model Individual RIRs not entirely trusted x 2 x 2 MPC x 1 x 3 x 3 9 / 19

  18. Threat model Individual RIRs not entirely trusted x 2 x 2 Adversary power - Passive - Active MPC x 1 x 3 x 3 9 / 19

  19. Threat model Individual RIRs not entirely trusted x 2 x 2 Adversary power - Passive - Active MPC x 1 How many can be corrupt? - Minority x 3 x 3 9 / 19

  20. Threat model Individual RIRs not entirely trusted x 2 x 2 Adversary power - Passive - Active MPC x 1 How many can be corrupt? - Minority - Majority x 3 x 3 9 / 19

  21. System Setup Trust Anchor RPKI Threshold Signature RIR CA DB Module repos Hosted RPKI repos RPKI Threshold Signature Hosted CA DB Module 10 / 19

  22. Distributed RPKI RIPE NCC Threshold Signature repos CA repos Module ARIN AFRINIC MPC LACNIC APNIC 11 / 19

  23. Threshold signatures for RPKI { sk 1 , sk 2 , sk 3 , sk 4 , sk 5 } ← Share (sk) 12 / 19

  24. Threshold signatures for RPKI { sk 1 , sk 2 , sk 3 , sk 4 , sk 5 } ← Share (sk) sk 2 sk 4 consent MPC sk 1 sk 5 sk 3 repos repos 12 / 19

  25. Threshold signatures for RPKI { sk 1 , sk 2 , sk 3 , sk 4 , sk 5 } ← Share (sk) sk 2 sk 4 consent MPC sk 1 sk 5 sk 3 repos repos 12 / 19

  26. Threshold signatures for RPKI { sk 1 , sk 2 , sk 3 , sk 4 , sk 5 } ← Share (sk) sk 2 sk 4 consent MPC sk 1 sk 5 sk 3 repos repos 12 / 19

  27. Threshold signatures for RPKI { sk 1 , sk 2 , sk 3 , sk 4 , sk 5 } ← Share (sk) sk 2 sk 4 consent MPC sk 1 sk 5 sk 3 repos repos 12 / 19

  28. Threshold signatures for RPKI { sk 1 , sk 2 , sk 3 , sk 4 , sk 5 } ← Share (sk) Threshold signing should not be expensive sk 2 sk 4 consent MPC sk 1 sk 5 sk 3 repos repos 12 / 19

  29. Threshold Signature in 3 phases Preprocessing Preprocessing - Member independent - Member independent - Message independent MPC Online phase 13 / 19

  30. Threshold Signature in 3 phases Preprocessing Preprocessing - Member independent - Member independent - Message independent MPC Online phase 13 / 19

  31. Threshold Signature in 3 phases sk 2 Preprocessing Preprocessing - Member independent - Member independent sk 4 - Message independent MPC Online phase sk 1 sk 5 sk 3 13 / 19

  32. Threshold Signature in 3 phases sk 2 , M Preprocessing Preprocessing - Member independent - Member independent sk 4 , M - Message independent MPC Online phase sk 1 , M sk 5 , M sk 3 , M 13 / 19

  33. Deployment Scenarios - Two-layered - Is compatible with delegated RPKI - Upper layer generates a distributed TA to the five RIRs - Distributed key generation - All RIRs have the same subjectPublicKeyInfo in their TAL - Lower layer uses the threshold signing module for the Hosted CAs - Generates signed objects - Not entirely immune to state coercion - Flat - Combines RIR CA and hosted CA - Replaces the hierarchical RPKI with a flat architecture - Not compatible with delegated RPKI 14 / 19

  34. Evaluations Frankfurt 85.6 | 142 114.9 | 109 203.7 | 56 283.2 | 39 180.6 | 64 N. Virginia Mumbai 228.3 | 49 119.9 | 99 301.0 | 36 196.7 | 57 Sao Paolo Sydney 308.7 | 35 Figure: Latency in milliseconds | Bandwidth in Mbits/s between regions 15 / 19

  35. Evaluations ❤❤❤❤❤❤❤❤❤❤❤ Adversary power Passive Active Majority ❤ Honest Shamir Mal. Shamir Dishonest Semi. OT MASCOT Table: Four MPC protocols LAN WAN Preprocessing Online Preprocessing Online MASCOT 209 529 20 0 . 95 Semi OT 1042 662 111 2 . 05 Mal. Shamir 699 714 91 3 . 53 Shamir 1020 769 265 3 . 54 Table: Breakdown of throughput for preprocessing (tuples/sec) and online phases (signatures/sec) 16 / 19

  36. ROAs AFRINIC ARIN RIPENCC AFRINIC ARIN RIPENCC 100000 100000 APNIC LACNIC APNIC LACNIC 80000 80000 ROAs removed ROAs added 60000 60000 40000 40000 20000 20000 0 0 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 - - - - - - - - - - - - 5 6 7 8 9 0 5 6 7 8 9 0 1 1 1 1 1 2 1 1 1 1 1 2 0 0 0 0 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2 2 2 2 2 Dates Dates Figure: Number of ROAs added and removed from March 2015 to February 2020 17 / 19

  37. Evaluations In the WAN setting, - MASCOT: 0.95 signatures/sec or 82080 signatures/day - Shamir: 3.53 signatures/sec or 304992 signatures/day - Even our slowest protocol is able to satisfy the requirements on an average day. - Our other protocols are able to generate enough signatures even on peak days 18 / 19

  38. Summary of our work - Distributed RPKI with a stronger threat model - Using threshold signatures in preprocessing model - No changes at Relying Parties - Technical solution that requires legal and policy barriers to be addressed to make the work truly practical 19 / 19

  39. kris.shrishak@sit.tu-darmstadt.de RIPE NCC Threshold Signature repos CA repos Module ARIN AFRINIC MPC LACNIC APNIC

Recommend

A study of RPKI deployment and discussion for improvement RPKI is Coming of Age Taejoong (Tijay)

A study of RPKI deployment and discussion for improvement RPKI is Coming of Age Taejoong (Tijay)

A study of RPKI deployment and discussion for improvement RPKI is Coming of Age Taejoong (Tijay) Chung (https://tijay.github.io) Assistant Professor Rochester Institute of Technology 1 Outlines RPKI deployment and invalid route origins

583 views • 43 slides
Protecting Routing w ith RPKI Mark Kosters, ARIN CTO @ TeamARIN Agenda Operational routing

Protecting Routing w ith RPKI Mark Kosters, ARIN CTO @ TeamARIN Agenda Operational routing

Protecting Routing w ith RPKI Mark Kosters, ARIN CTO @ TeamARIN Agenda Operational routing RPKI Statistics challenges IRR Status Do we have a Research solution? Opportunities Using ARINs RPKI components @

889 views • 51 slides
Limiting the impact of network restrictions upon the provision of reactive power Place your

Limiting the impact of network restrictions upon the provision of reactive power Place your

Limiting the impact of network restrictions upon the provision of reactive power Place your chosen image here. The four corners must just cover the arrow tips. For covers, the three pictures should be the same size and in a straight line.

79 views • 7 slides
Some Available RPKI Tools Benno Overeinder Carlos Martinez Cagnazzo SIDR IETF87 @Berlin 1

Some Available RPKI Tools Benno Overeinder Carlos Martinez Cagnazzo SIDR IETF87 @Berlin 1

Some Available RPKI Tools Benno Overeinder Carlos Martinez Cagnazzo SIDR IETF87 @Berlin 1 Thursday, August 1, 13 RPKI Tools The authors believe the information already contained in the RPKI has value in itself, even for operators not

305 views • 11 slides
AARON MURRIHY aaron.murrihy@reannz.co.nz 1 Apricot 2020 RPKI Feb 20 ABOUT US 2 Apricot

AARON MURRIHY aaron.murrihy@reannz.co.nz 1 Apricot 2020 RPKI Feb 20 ABOUT US 2 Apricot

SECURING THE INTERNET VALIDATING ROUTING WITH RPKI AARON MURRIHY aaron.murrihy@reannz.co.nz 1 Apricot 2020 RPKI Feb 20 ABOUT US 2 Apricot 2020 RPKI Feb 20 ABOUT REANNZ New Zealands NREN Engineering team of 7

662 views • 54 slides
http://detector.io kaie@kuix.de Most Certificate Authorities (CA) have the power to issue

http://detector.io kaie@kuix.de Most Certificate Authorities (CA) have the power to issue

http://detector.io kaie@kuix.de Most Certificate Authorities (CA) have the power to issue certificates for any domain This means, most CAs are single point of failures, they might get hacked, or their power could get abused (by creating

534 views • 26 slides
From the Consent of the Routed: Improving the Transparency of the RPKI. Ethan Heilman Danny

From the Consent of the Routed: Improving the Transparency of the RPKI. Ethan Heilman Danny

From the Consent of the Routed: Improving the Transparency of the RPKI. Ethan Heilman Danny Cooper Leonid Reyzin Sharon Goldberg Boston University Aug 2014 Overview Motivation: The RPKI* (2011 to present) secures interdomain routing,

660 views • 27 slides
Overcoming Legal Barriers to RPKI Adoption Christopher S. Yoo University of Pennsylvania

Overcoming Legal Barriers to RPKI Adoption Christopher S. Yoo University of Pennsylvania

Overcoming Legal Barriers to RPKI Adoption Christopher S. Yoo University of Pennsylvania December 10, 2019 Research supported by NSF EAGER Award #1748362 Global RPKI Deployment ASes Validating Routes 5%, 5 3%, 3 9%, 8 12%, 11 71%, 65

216 views • 8 slides
RPKI and Routing Security Presentation | September 2015 Yerevan Regional Meeting Routing

RPKI and Routing Security Presentation | September 2015 Yerevan Regional Meeting Routing

RPKI and Routing Security Presentation | September 2015 Yerevan Regional Meeting Routing Security 2 Routing Registry route objects RPKI (Resource Public Key Infrastructure) ROAs (Route Origin Authorisation) RPKI and Routing

422 views • 31 slides
RPKI A quick configuration intro Massimiliano Stucchi | 19th January 2016 | UKNOF33 RPKI

RPKI A quick configuration intro Massimiliano Stucchi | 19th January 2016 | UKNOF33 RPKI

RPKI A quick configuration intro Massimiliano Stucchi | 19th January 2016 | UKNOF33 RPKI Overview Massimiliano Stucchi - RIPE NCC | 19th January 2016 | UKNOF33 2 Simply put 3 parts - Create certificates - Install/run validator -

562 views • 17 slides
Research and Innovation By Alain P. AINA 03/12/2015 Department objectives RPKI v2.0

Research and Innovation By Alain P. AINA 03/12/2015 Department objectives RPKI v2.0

Research and Innovation By Alain P. AINA 03/12/2015 Department objectives RPKI v2.0 Project: New RPKI system DNSSEC v2.0 Project: New DNSSEC signer IETF activities: Identity and join key WGs and RGs African Internet Resources

308 views • 13 slides
Introduction peak limiting current mode control . . . known since 1978, C. W. Deisch,

Introduction peak limiting current mode control . . . known since 1978, C. W. Deisch,

Introduction peak limiting current mode control . . . known since 1978, C. W. Deisch, Simple switching control method changes power converter into a current source, Conduction Modes of a Peak Limiting PESC78 [2] Current Mode

558 views • 6 slides
A Few Months In The Life Of An RPKI Introduction Validator Performance Graphs Object Counts

A Few Months In The Life Of An RPKI Introduction Validator Performance Graphs Object Counts

A Few Months In The Life Of An RPKI Validator http://rpki.net/ A Few Months In The Life Of An RPKI Introduction Validator Performance Graphs Object Counts Connection Counts Objects/Connection Seconds/Object Rob Austein

663 views • 32 slides
Power Quality Savings: Empowering Local Authorities to work for profitable Fulfilment of the

Power Quality Savings: Empowering Local Authorities to work for profitable Fulfilment of the

Power Quality Savings: Empowering Local Authorities to work for profitable Fulfilment of the Energy Savings Directive! Energia Europa title slide Ladies and Gentlemen, It is a pleasure to address you at this the first baseEUcities conference.

354 views • 7 slides
Implementing RPKI-based origin validation one country at a time. The Ecuadorian case study.

Implementing RPKI-based origin validation one country at a time. The Ecuadorian case study.

Implementing RPKI-based origin validation one country at a time. The Ecuadorian case study. IETF 89 LONDRES MARCH 2014 Fabin Meja Why and who? BGP origin validation based on RPKI is in early stages of deployment. It is necessary to

314 views • 13 slides
Spatiospectral limiting on Boolean cubes Jubilee of Fourier Analysis and Applications, NWC at

Spatiospectral limiting on Boolean cubes Jubilee of Fourier Analysis and Applications, NWC at

Spatiospectral limiting on Boolean cubes Jubilee of Fourier Analysis and Applications, NWC at UMD, 2019 joint work with Jeff Hogan Spatiospectral limiting Overview 1. Review: Time and band limiting: on R , Z and Z N 2. Spatio-spectral

633 views • 42 slides
Razor and ReCycle A M E E N A K E L Razor Razor Motivation Power Todays designs

Razor and ReCycle A M E E N A K E L Razor Razor Motivation Power Todays designs

Razor and ReCycle A M E E N A K E L Razor Razor Motivation Power Todays designs are extremely power hungry Power now a limiting factor Performance cannot be sacrificed (overall) to save on power Both situations must

1.08k views • 32 slides
Implementing Risk-Limiting Post-Election Audits in California J.L. Hall 1 , 2 L.W. Miratrix 3 P.B.

Implementing Risk-Limiting Post-Election Audits in California J.L. Hall 1 , 2 L.W. Miratrix 3 P.B.

Risk-Limiting Audits Defined Risk-Limiting Audits in CA Discussion Simpler Risk-Limiting Audits? Conclusions Implementing Risk-Limiting Post-Election Audits in California J.L. Hall 1 , 2 L.W. Miratrix 3 P.B. Stark 3 M. Briones 4 E. Ginnold 4

631 views • 23 slides
MaxLength Considered Harmful to the RPKI Yossi Gilad, Omar Sagga , Sharon Goldberg Boston

MaxLength Considered Harmful to the RPKI Yossi Gilad, Omar Sagga , Sharon Goldberg Boston

MaxLength Considered Harmful to the RPKI Yossi Gilad, Omar Sagga , Sharon Goldberg Boston University Outline Background How does BGP work? How does RPKI work? What is the maxLength? How maxLength causes problems

741 views • 34 slides
Differential Privacy and the Right to be Forgotten Cynthia Dwork, Microsoft Research Limiting

Differential Privacy and the Right to be Forgotten Cynthia Dwork, Microsoft Research Limiting

Differential Privacy and the Right to be Forgotten Cynthia Dwork, Microsoft Research Limiting Prospective Use } Lampsons approach empowers me to limit the use of my data, prospectively Limiting Future Use: Raw Data Limiting Future Use: Raw

638 views • 21 slides
Limiting Liability for COVID-19 Transmission June 10, 2020 Limiting Liability for COVID-19

Limiting Liability for COVID-19 Transmission June 10, 2020 Limiting Liability for COVID-19

Limiting Liability for COVID-19 Transmission June 10, 2020 Limiting Liability for COVID-19 Transmission June 10, 2020 Welcome We hope you are keeping well and safe. Fasken is committed to providing legal insight into the new and changing

586 views • 25 slides
WILL ANY PASSWORD DO? EXPLORING RATE-LIMITING ON THE WEB WAY18, Baltimore, MD, USA, 12 August

WILL ANY PASSWORD DO? EXPLORING RATE-LIMITING ON THE WEB WAY18, Baltimore, MD, USA, 12 August

RUHR-UNIVERSITT BOCHUM WILL ANY PASSWORD DO? EXPLORING RATE-LIMITING ON THE WEB WAY18, Baltimore, MD, USA, 12 August 2018 Maximilian Golla, Theodor Schnitzler, Markus Drmuth MOTIVATION Rate-limiting do not not more than reuse 8

468 views • 17 slides
STA 331 2.0 Stochastic Processes 4. Limiting Probabilities Dr Thiyanga S. Talagala August 25,

STA 331 2.0 Stochastic Processes 4. Limiting Probabilities Dr Thiyanga S. Talagala August 25,

STA 331 2.0 Stochastic Processes 4. Limiting Probabilities Dr Thiyanga S. Talagala August 25, 2020 Department of Statistics, University of Sri Jayewardenepura Markov chains: A Random Walk In-class 2 Limiting probabilities - Example Suppose

561 views • 15 slides
Key Rollover for the RPKI Steve Kent (Channeling Geoff

Key Rollover for the RPKI Steve Kent (Channeling Geoff

Key Rollover for the RPKI Steve Kent (Channeling Geoff Huston ) Key Rollover Document New doc: draC-huston-sidr-aao-profile-0-

494 views • 14 slides

More recommend