Download AS 2 - Internet Society

Are We There Yet?
On RPKI Deployment and Security
Yossi Gilad
Joint work with: Avichai Cohen, Amir Herzberg, Michael Schapira, Haya Shulman

The Resource Public Key Infrastructure
The Resource Public Key Infrastructure (RPKI) maps IP prefixes to organizations that own them [RFC 6480]
•  Intended to prevent prefix/subprefix hijacks
•  Lays the foundation for advanced defenses against path-manipulation attacks on interdomain routing
–  BGPsec, SoBGP, …
2
RPKI Allows Route Origin Validation
Autonomous System (AS) X uses the RPKI to issue a Route Origin Authorization (ROA) mapping from 91.0/10 to AS 3320
[Figure: ROA for 91.0.0.0/10, max-length = 10, AS 3320 (Deutsche Telekom). BGP advertisements for 91.0.0.0/10 with paths 3320, Y-3320 and 666 involve AS 3320, AS Y and AS 666; AS X performs Route Origin Validation (ROV). Legend: BGP advertisement, data flow.]
3
Talk Outline
•  ROV
–  First measurements of ROV
–  How “good” is ROV in partial deployment?
•  ROAs
–  Mistakes
–  Improving accuracy with ROAlert
4
Filtering Bogus Advertisements
Route-Origin Validation (ROV): use ROAs to discard/deprioritize route advertisements from unauthorized origins [RFC 6811]
[Figure: ROAs flow from an RPKI publication point to the autonomous system's RPKI cache, which verifies signatures and passes entries such as "91.0.0.0/10: AS = 3320, max-length = 10" to the BGP routers.]
5
Measuring Non-ROV-Filtering ASes
ASes that propagate invalid BGP advertisements do not perform filtering
Origins 1 & 2 advertise RPKI-invalid IP prefixes in BGP
[Figure: topology with Origin 1 (1.2.3.0/24), Origin 2 (4.5.6.0/24), ASes A to F and two RouteViews (RV) sensors.]
6
Measuring Non-ROV-Filtering ASes
ASes that propagate invalid BGP advertisements do not perform filtering
RouteViews sensor observes “bad” route to 1.2.3/24, AS path: C, A, Origin 1
RouteViews sensor observes “bad” route to 4.5.6.0/24, AS path: F, E, D, Origin 2
[Figure: topology with Origin 1 (1.2.3.0/24), Origin 2 (4.5.6.0/24), ASes A to F and two RouteViews (RV) sensors.]
7
Measuring Non-ROV-Filtering ASes
ASes that propagate invalid BGP advertisements do not perform filtering
We find that at least 78 of 100 largest ISPs do not filter
[Figure: topology with Origin 1 (1.2.3.0/24), Origin 2 (4.5.6.0/24), ASes A to F and two RouteViews (RV) sensors, highlighting the ASes that don’t filter invalid advertisements.]
8
What is the Impact of Partial ROV Adoption?
•  Collateral benefit:
–  Adopters protect ASes behind them by discarding invalid routes
[Figure: ROA 1.1.0.0/16, max-length = 16, AS 1. AS 666 advertises "To: 1.1.1/24, AS path: 666"; origin AS 1's route reaches AS 3 through AS 2 as "To: 1.1/16, AS path: 2-1". AS 3 is only offered a good route.]
9
What is the Impact of Partial ROV Adoption?
•  Collateral damage: ASes not doing ROV might cause ASes that do ROV to fall victim to attacks!
–  Disconnection: Adopters might be offered only bad routes
[Figure: ROA 1.1.0.0/16, max-length = 16, AS 1. Origin AS 1 advertises "To: 1.1/16, AS path: 1". AS 2 prefers to advertise routes from AS 666 over AS 1 and sends "To: 1.1/16, AS path: 2-666" to AS 3. AS 3 receives only the bad advertisement and disconnects from 1.1/16.]
10
What is the Impact of Partial ROV Adoption?
•  Collateral damage: ASes not doing ROV might cause ASes that do ROV to fall victim to attacks!
–  Control-Plane-Data-Plane Mismatch! Data flows to attacker, although AS 3 discarded it
[Figure: ROA 1.1.0.0/16, max-length = 16, AS 1. AS 2 advertises both prefix & subprefix routes ("To: 1.1/16, AS path: 2-1" and "To: 1.1.1/24, AS path: 2-666"). AS 3 discards the bad subprefix route. AS 2 does not filter and uses the bad route for the subprefix.]
11
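The three partial-adoption slides above can be replayed in a small simulation. This is an added example, not code from the talk or the paper; the link map, the first-heard tie-break at AS 2 and the function names are constructed assumptions.

```python
import ipaddress

# Constructed model of the slides' topology: AS1 (origin) and AS666 (attacker)
# both export to AS2, which exports to AS3.
ROA = (ipaddress.ip_network("1.1.0.0/16"), 16, 1)  # prefix, max-length, AS
LINKS = {1: [2], 666: [2], 2: [3], 3: []}

def is_invalid(prefix, origin):
    """True if the ROA covers prefix but does not authorize (origin, length)."""
    net = ipaddress.ip_network(prefix)
    roa_net, max_len, asn = ROA
    return net.subnet_of(roa_net) and not (origin == asn and net.prefixlen <= max_len)

def propagate(originations, rov_ases):
    """Return {asn: {prefix: as_path}}; as_path[0] is the next hop, [-1] the origin.

    Assumption: an AS keeps the first route it hears unless a strictly shorter
    one arrives, so the order of `originations` models AS2's preference.
    """
    ribs = {asn: {} for asn in LINKS}
    queue = [(origin, prefix, [origin]) for origin, prefix in originations]
    while queue:
        sender, prefix, path = queue.pop(0)
        for nbr in LINKS[sender]:
            if nbr in rov_ases and is_invalid(prefix, path[-1]):
                continue  # ROV adopter discards the invalid route
            if prefix in ribs[nbr] and len(ribs[nbr][prefix]) <= len(path):
                continue  # existing route is at least as short
            ribs[nbr][prefix] = path
            queue.append((nbr, prefix, [nbr] + path))
    return ribs

def forward(ribs, src, dst_ip):
    """Data plane: follow longest-prefix match hop by hop.

    Returns the AS where traffic ends up; src itself means src has no route.
    """
    addr, here = ipaddress.ip_address(dst_ip), src
    while True:
        matches = [p for p in ribs[here] if addr in ipaddress.ip_network(p)]
        if not matches:
            return here
        best = max(matches, key=lambda p: ipaddress.ip_network(p).prefixlen)
        here = ribs[here][best][0]

SUBPREFIX_HIJACK = [(1, "1.1.0.0/16"), (666, "1.1.1.0/24")]
PREFIX_HIJACK = [(666, "1.1.0.0/16"), (1, "1.1.0.0/16")]  # AS2 hears AS666 first
```

With ROV only at AS 3, the subprefix case leaves AS 3 holding just the valid /16 route while its traffic for 1.1.1.1 still ends at AS 666; with ROV at AS 2 instead, the same traffic reaches AS 1.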
Quantify Security in Partial Adoption: Simulation Framework
•  Pick victim & attacker
•  Victim’s prefix has a ROA
•  Pick set of ASes doing ROV
•  Evaluate which ASes send traffic to the attacker
Empirically-derived AS-level network from CAIDA
Including inferred peering links [Giotsas et al., SIGCOMM ’13]
[Figure: example AS-level topology with ASes A to L; ROA 1.1.0.0/16, max-length = 16, AS A.]
12
Quantify Security in Partial Adoption
•  Top ISP adopts with probability p
•  Significant benefit only when p is high
[Figures: subprefix hijack success rate; prefix hijack success rate.]
13
Quantify Security in Partial Adoption
•  Comparison between two scenarios:
–  today’s status, as reflected by our measurements
–  all top 100 ISPs perform ROV
•  Each other AS does ROV with fixed probability
Adoption by the top 100 ISPs makes a huge difference!
[Figure: subprefix hijack success rate.]
14
Security in Partial Adoption
Bottom line:
ROV enforcement by the top ISPs is both necessary and sufficient for substantial security benefits from RPKI
15
Talk Outline
•  Security in partial ROV deployment
–  First measurements of ROV
–  How “good” is ROV in partial deployment?
•  ROAs
–  Mistakes
–  Improving accuracy with ROAlert
16
Mistakes in ROAs
Many mistakes in ROAs (see RPKI monitor)
–  “bad ROAs” cause legitimate prefixes to appear invalid
–  filtering by ROAs may cause disconnection from legitimate destinations
–  extensive measurements in [Iamartino et al., PAM ’15]
17
Bad ROAs
Concern for disconnection was pointed out in our survey
–  anonymous survey of over 100 network operators (details in paper)
What are your main concerns regarding executing RPKI-based origin authentication in your network?
18
Bad ROAs
Who is responsible for “bad ROAs”?
•  Hundreds of organizations are responsible for invalid IP prefixes, but…
•  Good news: most errors due to small number of organizations
19
Insecure Deployment: Loose ROAs
ROA allows advertising subprefixes up to length /24
AS A originates 1.2.0.0/16 but not 1.2.3.0/24
ROA is “loose”
[Figure: ROA 1.2.0.0/16, max-length = 24, AS A. AS A advertises 1.2.0.0/16 (path: A); AS 666 advertises 1.2.3.0/24 (path: 666-A), a valid advertisement since AS A is the “origin”. At AS X, longest-prefix match applies and path length does not matter. Legend: BGP advertisement, data flow.]
20
Insecure Deployment: Loose ROAs
•  Loose ROAs are common!
–  almost 30% of IP prefixes in ROAs
–  manifests even in large providers
21
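Route origin validation as described on the "Filtering Bogus Advertisements" slide, and a check for the loose ROAs described above, sketched as an added example (not ROAlert's code or code from the talk). The AS number 64500 standing in for "AS A", the announcement list and the exact definition of "loose" used here are assumptions.

```python
import ipaddress

def rov_state(prefix, origin_as, roas):
    """RFC 6811 route origin validation: 'valid', 'invalid' or 'not-found'.

    roas is a list of (roa_prefix, max_length, asn) tuples.
    """
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True  # some ROA covers the prefix, so it cannot be 'not-found'
        if asn == origin_as and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"

def loose_roas(roas, announcements):
    """List (roa_prefix, asn, first_gap) for ROAs that are 'loose'.

    Assumed definition: max-length exceeds the ROA prefix length and at least
    one subprefix of max-length is not originated by the ROA's AS in BGP.
    """
    announced = {(ipaddress.ip_network(p), a) for p, a in announcements}
    found = []
    for roa_prefix, max_len, asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if max_len <= roa_net.prefixlen:
            continue
        gap = next((s for s in roa_net.subnets(new_prefix=max_len)
                    if (s, asn) not in announced), None)
        if gap is not None:
            found.append((roa_prefix, asn, str(gap)))
    return found

AS_A = 64500  # constructed stand-in for the slide's "AS A" (documentation ASN)
ROAS = [("91.0.0.0/10", 10, 3320), ("1.2.0.0/16", 24, AS_A)]  # from the slides
ANNOUNCED = [("91.0.0.0/10", 3320), ("1.2.0.0/16", AS_A)]     # constructed BGP view

if __name__ == "__main__":
    for prefix, origin in [("91.0.0.0/10", 666), ("1.2.3.0/24", AS_A)]:
        print(prefix, origin, rov_state(prefix, origin, ROAS))
    print(loose_roas(ROAS, ANNOUNCED))
```

The advertisement with path 666-A carries AS A as its origin, which is why `rov_state` returns "valid" for 1.2.3.0/24 and why the loose ROA has to be caught by comparing ROAs against what the AS actually originates.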
Improving Accuracy with ROAlert
•  roalert.org allows checking whether networks are protected by ROAs
–  … and if not, why not
•  Online, proactive notification system
–  constantly monitoring
–  not opt-in
•  Retrieves ROAs from the RPKI and compares them against BGP advs.
•  Alerts network operators about “loose ROAs” & “bad ROAs”
22
Improving Accuracy with ROAlert
•  Initial results are promising!
–  notifications reached 168 operators
–  42% of errors were fixed within a month
23
Conclusion
•  The RPKI can be very effective in preventing hijacks
–  Incentivize ROV adoption by the top ISPs!
–  Both sufficient and necessary for significant security benefits
•  Information accuracy is a major challenge
–  ROAlert informs & alerts operators about:
•  Bad ROAs
•  Loose ROAs
24
Thank You!
Questions?
25