Routing Security
Security Solutions
CSE598K/CSE545 - Advanced Network Security
Prof. McDaniel - Spring 2008

CSE598K/CSE545 - Advanced Network Security - McDaniel Page 1

Solving BGP Security
• Reality: most attempts at securing BGP have been at the local level
  ‣ Filtering
  ‣ Securing BGP peering
• Future: a number of complex protocols have been proposed to solve some or all BGP security issues
  ‣ S-BGP
  ‣ soBGP
  ‣ IRV
  ‣ SPV
• We will be looking at these solutions over the next couple of lectures

Filtering
• Filtering just drops BGP messages (typically advertisements) as they are passed between ASes
  ‣ Ingress filtering (as it is received)
  ‣ Egress filtering (as it is sent)
• Types of filtering
  ‣ By prefix (e.g., bogon/martian list)
  ‣ By path (e.g., customer advertisement of provider routes)
  ‣ By policy (e.g., some “community” strings that represent paths/policies that an AS does not want to support)
• ISP ASes aggressively filter (the security mechanism)

Protecting Peer Communication
• Two routers exchanging BGP messages (in a BGP session) need to secure communication.
  ‣ Integrity
  ‣ Confidentiality?
  ‣ Authenticity
  ‣ Non-repudiation?
• Note: This is often defined as a transport security issue, where just secure point-to-point communication is necessary.

MD5
• A simple solution (RFC 2385)
  ‣ Share a private secret (e.g., password)
  ‣ Compute a keyed message authentication code on each TCP packet passed between the two routers
  ‣ Check MAC upon receipt of each packet
• You get
  ‣ Integrity
  ‣ Authenticity
• Problem: this is manual configuration, which neither scales to many routers nor supports key maintenance

Generalized TTL Security Mechanism
• TCP time-to-live (RFC 3682)
  ‣ At a packet's origination, the TTL is set to the maximum number of hops that the packet can traverse
  ‣ TTL decremented at each hop
  ‣ Packets are dropped when TTL goes to 0
• This ensures that packets stuck in transient routing loops do not congest the network
• Idea: can we use the TTL to ensure that every packet received came from the peer (assuming one hop)?
  ‣ Set TTL = 255 (Q: how about TTL=1?)
  ‣ Receiver checks TTL on all packets, if not 254, then forged
• Issue: how much does this really tell you?
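
Returning to the MD5 slide above, the following added example (not part of the original slides) computes and checks the RFC 2385 per-segment MAC, which is MD5 over the TCP pseudo-header, the fixed TCP header with a zeroed checksum, the segment data, and the shared secret. The function names, addresses, key and segment contents are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

MD5SIG_KIND, MD5SIG_LEN = 19, 18  # TCP option kind and length defined by RFC 2385

def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key):
    """MD5(pseudo-header || fixed TCP header with checksum=0 || data || key)."""
    fixed = bytearray(tcp_header[:20])      # options are excluded from the digest
    fixed[16:18] = b"\x00\x00"              # checksum field is treated as zero
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP,
                            len(tcp_header) + len(payload)))
    return hashlib.md5(pseudo + bytes(fixed) + payload + key).digest()

def sign_segment(src_ip, dst_ip, fixed_header, payload, key):
    """Sender: extend a 20-byte header with NOP, NOP and the MD5 signature option."""
    hdr = bytearray(fixed_header)
    hdr[12] = 10 << 4                       # data offset: 10 words = 20 + 20 bytes
    unsigned = bytes(hdr) + bytes([1, 1, MD5SIG_KIND, MD5SIG_LEN]) + bytes(16)
    digest = tcp_md5_digest(src_ip, dst_ip, unsigned, payload, key)
    return unsigned[:24] + digest

def verify_segment(src_ip, dst_ip, tcp_header, payload, key):
    """Receiver: find the option, recompute the MAC, compare in constant time."""
    opts, i = tcp_header[20:], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                       # end of option list
            break
        if kind == 1:                       # NOP padding
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            break                           # truncated or malformed option
        if kind == MD5SIG_KIND and opts[i + 1] == MD5SIG_LEN:
            expected = tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key)
            return hmac.compare_digest(opts[i + 2:i + 18], expected)
        i += opts[i + 1]
    return False                            # unsigned or malformed: drop the segment

# Constructed sample: documentation addresses, BGP port 179, made-up shared secret.
SRC, DST, KEY = "192.0.2.1", "192.0.2.2", b"constructed-peer-secret"
HDR = struct.pack("!HHIIBBHHH", 49152, 179, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
SIGNED = sign_segment(SRC, DST, HDR, b"constructed BGP bytes", KEY)
```

Because the digest covers the sequence number and addresses but the key never changes, the scheme gives integrity and authenticity per segment while leaving key rollover to manual configuration, which is the scaling problem the slide names.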

HOP Integrity
• HOP integrity protocols implement peering secure communication that provides integrity/authentication
  ‣ Diffie-Hellman style key negotiation, data integrity, data authentication
  ‣ Idea: provide public key based per hop security, the simple constructions to enforce integrity constraints
• Two protocols
  ‣ Weak - just per hop integrity (MAC)
  ‣ Strong - adds replay protection (sequence numbers)
• Note: used to secure communication between a range of peers via a per-hop security (limitation?)

Smith/Garcia-Luna-Aceves
• An (ad hoc?) suite of countermeasures
  1. Encrypt all messages between peers
  2. Add a message sequence number to all BGP messages
     • Protects against replayed or deleted messages
  3. Add a sequence number (or time-stamps) to UPDATES
  4. Add a PREDECESSOR path attribute
  5. Digitally sign all the UPDATEs
• Note: this gets beyond the basic peer security, and bleeds into the more general BGP security issues.

Question?
• What attacks do these measures prevent?
• If yes, how?
  ‣ Message replay
  ‣ Route replay
  ‣ Path forgery
  ‣ Path modification
  ‣ Forged route withdrawal
  ‣ Prefix hijacking

IPsec
• IPsec provides all of the basic guarantees needed to implement router-to-router BGP security
  ‣ Independent of intermediate connectivity
  ‣ IKE/ISAKMP used to establish transient keys
    • Avoids cryptanalysis of long running keys
  ‣ ESP/AH provide confidentiality, integrity, replay protection ...
• Problems: this is just a start
  ‣ Overheads can be expensive if not managed correctly
  ‣ Backward compatibility
  ‣ Key management

Peering Summary

                 Integrity   Confidentiality   Replay Prevention   DOS Prevention
IPsec (ESP)      yes         yes               yes                 yes
IPsec (AH)       yes         no                yes                 yes
MD5 Integrity    yes         no                yes                 no
HOP Protocol     yes         no                yes                 no
GTSM             no          no                no                  no
Smith et al.     yes         yes               yes                 no

• Reality: most of these schemes were hacks or stop-gap measures until IPsec became widely available
  ‣ Where secured at all, IPsec is generally used
  ‣ AH/ESP w/out confidentiality is popular
  ‣ Singly-homed customer/ISP peering is often not secured at all
• Question: why is this reasonable?

Assignment #2
• Each of you is to implement a client/server file transfer application on OpenSSL in C.
  ‣ The client will send files.
  ‣ The server will receive files (on port 5005).
• The client will send an initial transfer request, followed by blocks of the file.
  ‣ Startup: ./assignment2 [server] [filename] [block length]
  ‣ Part 1: run over unsecured connection
  ‣ Part 2: run over secured connection
    • Use your own certificates for client and server

Assignment #2 (cont.)
• Transfer request:

  Field               Data Type        Length (bytes)
  Request Type (1)    integer          1
  Filename            char             128
  Filesize (bytes)    unsigned long    4
  Block length        unsigned short   2

• Transfer block:

  Field               Data Type        Length (bytes)
  Request Type (2)    integer          1
  Block number        unsigned long    4
  Block length        char             variable

BGP Security Protocols
• The big two, plus one (self-serving)
• sBGP (Secure Border Gateway Protocol)
  ‣ [Kent et al. 99]
• soBGP (Secure Origin BGP)
  ‣ [White et al. 03]
• IRV (Internet Routing Validation)
  ‣ [Goodell et al. 03]

sBGP
• sBGP was the first leading candidate for routing security, and highlighted many of the IR security issues
  ‣ Still under consideration, but somewhat limited
  ‣ Model: Routing and origination announcements are signed
    • signatures are validated based on shared trust associations (CAs)
• It all begins with the keys (really two parallel PKIs)
  1. Binding routers and organizations to ASes.
  2. Origin authentication PKI

Organization PKI
• Keys for routers, AS numbers
• Route attestations - attestations to the transient state of the network, e.g., the advertisements/routes
  ‣ Keys used to create these advertisements
• Router certificates need to ascertain validity of instantaneous advertisements.
  ‣ You need to prove association between the network elements making statements and AS/organizations

Route Attestations
[Figure: ASes AS1, AS2, AS3, AS4, AS5]
• Signing recursively: each advertisement signs everything it receives, plus the last hop.

  $(4, (3, (2, 1)_{k_{AS2}})_{k_{AS3}})_{k_{AS4}}$

Address Attestations
• Attestations of ownership and delegation very similar to that observed in origin authentication
  ‣ These are the “simple attestations”
  ‣ For example, assume that organization A delegates prefix p to organization B: $(p, B)_{k_A}$
• Note: (surprisingly) sBGP distributes address attestations out-of-band
  ‣ Thus everyone is required to obtain and validate their own copies of origin/ownership proving certificates.
  ‣ As in OA, validate path to ICANN
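
The recursive signing on the Route Attestations slide, as an added example that is not part of the original slides: each AS wraps what it received with its own number and signs the pair, and the receiver peels the layers to recover the path or reject it. HMAC-SHA256 with constructed per-AS keys is a stand-in assumption for the public-key signatures sBGP uses, and every function name here is hypothetical.

```python
import copy
import hashlib
import hmac
import json

# Constructed keys. HMAC-SHA256 is a stand-in for each AS's public-key signature
# (an assumption for this sketch; sBGP validates signatures through its PKIs).
KEYS = {asn: f"constructed-key-AS{asn}".encode() for asn in (2, 3, 4)}

def sign(asn, body):
    """Return AS `asn`'s tag over a canonical encoding of `body`."""
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(KEYS[asn], data, hashlib.sha256).hexdigest()

def attest(asn, received):
    """Build (asn, received)_{k_ASasn}: wrap what was received and sign the pair."""
    body = [asn, received]
    return {"body": body, "sig": sign(asn, body)}

def verify_path(att):
    """Peel layers from the outside in; return the AS path, or None on failure."""
    path = []
    while isinstance(att, dict):
        asn, inner = att["body"]
        if asn not in KEYS:
            return None                      # no key material for this signer
        if not hmac.compare_digest(att["sig"], sign(asn, att["body"])):
            return None                      # this layer or anything inside changed
        path.append(asn)
        att = inner
    return path + [att]                      # innermost element is the origin AS

def forge_origin(att, new_origin):
    """Path forgery attempt: rewrite the origin but keep the old signatures."""
    forged = copy.deepcopy(att)
    layer = forged
    while isinstance(layer["body"][1], dict):
        layer = layer["body"][1]
    layer["body"][1] = new_origin
    return forged

def drop_hop(att):
    """Path modification attempt: splice out the second layer, keep the outer sig."""
    inner = att["body"][1]
    return {"body": [att["body"][0], inner["body"][1]], "sig": att["sig"]}

# The slide's example, as received by AS5: (4, (3, (2, 1)_kAS2)_kAS3)_kAS4
RECEIVED = attest(4, attest(3, attest(2, 1)))
```

The verifier performs one signature check per hop, which is the per-update validation cost the sBGP Issues slide raises.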

sBGP Issues
• Single point of trust: is there an authority that everyone will trust to provide address/path certification?
  ‣ Chinese Military vs. NSA?
• Cost: validating signatures is very computationally expensive
  ‣ Can a router sustain the load?
• Incremental deployability: requires changes to BGP message formats
  ‣ All implementations must change

soBGP
• Cisco’s entry in the securing Internet routing rodeo
  ‣ Viewed as the manufacturer approach to implementing security within BGP
• Released as a kind of refutation of sBGP, which was seen as too expensive and unwieldy to be practical.
  ‣ A more “open” model that allows providers to implement security much more flexibly, i.e., within the confines of existing policy and infrastructure
• Basic approach: network providers themselves act as a joint authority, and issue certificates for all relevant routing data, e.g., policy, address management, paths.