Origin Authentication in Interdomain Routing - PowerPoint PPT Presentation

About This Presentation

Title:

Origin Authentication in Interdomain Routing

Description:

Presenter: Lan Gao. 1. Origin Authentication in. Interdomain Routing ... Presenter: Lan Gao. 9. Address Delegation. The IPv4 address space is governed by IANA ... – PowerPoint PPT presentation

Number of Views:39

Avg rating:3.0/5.0

Slides: 38

Provided by: hansan

Learn more at: http://www.cs.ucr.edu

Category:

more less

Transcript and Presenter's Notes

Title: Origin Authentication in Interdomain Routing

1
Origin Authentication inInterdomain Routing

William Aiello, John Ioannidis, and Patrick
McDaniel
Proceedings of 10th ACM Conference on
Computer and Communications Security (CCS'03)

2
What does the paper solve?

Problem
How do we ensure that addresses are associated
with only those ASes that own them?
Origin Authentication
Provide a way to validate claims of address
ownership in interdomain routing
Authenticate address usage
Defense against
Attacks by malicious entities
misconfigurations

3
Overview

Background
Formalization
semantics of address delegation
Origin authentication proof systems
Modeling
address delegation graph
Evaluating resource costs

4
Interdomain Routing

The Internet consists of many routing domains
routing inside a domain is determined by an
intradomain routing protocol
routing between domains is governed by an
interdomain routing protocol
Intradomain and interdomain routing decisions are
largely made independently
Reasons
Scale
Administrative autonomy

5
BGP (Border Gateway Protocol)

BGP
the interdomain routing protocol used on the
Internet
routing domains is called Autonomous Systems
(ASes), e.g. ATT.
ASes
announce the prefixes that they own (IP address
ranges, e.g. 12.1.1.0/24) to its neighboring
ASes.
announce the prefixes that it learns from each of
its neighbors to its other neighbors.

6
Intra-AS and Inter-AS Routing Example
The route from A.d to B.b intra-AS and inter-AS
path segments.
Source Computer Networking A Top-Down Approach
Featuring the Internet
7
Security Issues in Interdomain Routing

ASes are not authenticated
Paths are not authenticated
Addresses are not authenticated
What is addressed in the paper?
Validate an ASs authority to advertise a prefix

8
Origin Authentication

Goal
Provide evidence (cryptographically strong
authentication tags) of the relations between
organizations, ASes, and prefixes.

BGP Speakers
Validated Address Advertisements
Address Advertisements
Evidence
9
Address Delegation

The IPv4 address space is governed by IANA
IANA delegates parts of the global address space
to organizations
Each organization may further
Delegate some or all of the received address
space to any organization it desires
Assign its address space to the AS in which the
addresses reside

10
Address Delegation Example

ATT delegates 12.1.1.0/24 to ALPHA
ATT assigns 12.0.0.0/8 to AS7018
Longest prefix matching for 12.1.1.0/24
Address announcements ASes advertise the set of
prefixes that they originate (prefix, ASN)

11
Definition Organization

ASN 1, 2, , K , where currently K 216
E.g. AS7018, AS29987
S all BGP speaking organizations
E.g. ATT, ARIN, ALPHA, BETA
ASN(C) AS currently assigned to C
E.g. for C ALPHA, ASN(C) AS29987
O S ? IANA ? other prefix registries

12
Definition Prefixes

IPA 0, 1 l, where l 32/64 for IPv4/IPv6
Address Prefixes x/j
x is a j bit number, and j ? 0, l , e.g.
128/8
x/j x?y y is a (l-j) bit number
IPA ?/0

x/j
x?1/(j1)
x?0/(j1)

Disjoint Union
Superset
subprefix superprefix

13
Prefix Tree of IPA
14
Definition delegation policy

For a given prefix y/k and an organization C
(C, y/k, n) C assigns y/k to an ASN n
(C, y/k, C) C delegates y/k to C
(C, y/k, R) C declares y/k as RESERVED
(C, y/k, U) Cs delegation or assignment of y/k
is UNAUTHENTICATED
C may perform zero, one, or more of the above
options
The set of triples is Cs delegation policy for
y/k

15
Subtree Semantics

Definition
a property of a prefix x/j implies the same
property for all of the subprefixes of x/j
Consider the previous delegation policy
Delegations, RESERVED and UNAUTHENTICATED
declarations have subtree semantics
Assignments do not have subtree semantics

16
Delegation Graphs

A directed graph G (V, E)
VO ? ASN ? R ? U ? ?
E(x, y/k, z)
Example
V IANA, ATT,
E (IANA,12.0.0.0/8,ATT),
Definition
Ownership Source
Assignment Edge
ASN-respecting

17
Valid Faithful

A directed path is valid for y/k if
The ownership source is IANA
The path is monotonic
The path is acyclic
The ass edge is labelled y/k and is
ASN-respecting
Cs delegation policy is faithful for y/k if
there is at most one triple in the form
(C, y/k, n)
(C, x/j, C), (C, x/j, U), or (C, x/j, R), where
x/j is a superprefix of y/k

18
Verification of Origin Announcements

OAs are verified by Origin Authentication Tags
(OATs)
A delegation path
A set of delegation attestation, one for each
edge in the path
An ASN Ownership Proof

19
Simple Delegation Attestation

A signature by C for a prefix x/j
( C, x/j, FC(x/j) ) C
A signed statement (by Cs key) binding the
prefix (x/j) to an organization identifier
(FC(x/j))
The simple delegation attestation for D(C)
( C, x1/j1, FC(x1/j1) ) C,
( C, x2/j2, FC(x2/j2) ) C,
,
( C, xs/js, FC(xs/js) ) C

20
SDA An Example

The delegation path for 12.1.1.0/24 is
(IANA, ATT, ALPHA, AS29987)
The delegation attestation for the path are
(IANA, 12.0.0.0/8, ATT)IANA,
(ATT, 12.1.1.0/24, ALPHA)ATT,
(ALPHA, 12.1.1.0/24, AS29987)ALPHA

21
Authenticated Delegation List

C creates a single list of all of its delegations
and sign that list
( C, x1/j1, FC(x1/j1) ) ,
( C, x2/j2, FC(x2/j2) ) ,
,
( C, xs/js, FC(xs/js) ) C
If C delegates xi/ji to B
C signs all of the delegations it makes to
everyone.
B advertises xi/ji and provides this attestation

22
ADL An Example

The delegation path for 12.1.1.0/24 is
(IANA, ATT, ALPHA, AS29987)
The delegation attestation for the path are
(IANA, 12.0.0.0/8, ATT),
(IANA, 64.0.0.0/8, ARIN)IANA,
(ATT, 12.1.1.0/24, ALPHA),
(ATT, 64.1.0.0/16, AS7018),
(ATT, 12.0.0.0/8, AS7018)ATT,
(ALPHA, 12.1.1.0/24, AS29987)ALPHA

23
AS Authenticated Delegation List

C breaks up the entire list into several lists
and signs each of the smaller lists.
The list is splitted according to those prefixes
delegated to the same organization or
assigned to the same AS number
If C delegates xi/ji to B
C signs all of the delegations it makes to B.
B advertises xi/ji and provides this attestation

24
AS ADL An Example

The delegation path for 12.0.0.0/8 is
(IANA, ATT, AS7018)
The delegation attestation for the path are
(IANA, 12.0.0.0/8, ATT)IANA,
(ATT, 64.1.0.0/16, AS7018),
(ATT, 12.0.0.0/8, AS7018)ATT

25
Authenticated Delegation Tree

C creates a Merkle hash tree
The values of the leaves ( C, x/j, FC(x/j) )
The values of each internal node H( L, R )
If C delegates xi/ji to B
C only signs the root h0C
C provides the value of the children of all of
the nodes on the path in the Merkel tree from the
root to ( C, xi/ji, B )
B advertises xi/ji and provides this attestation

26
ADT An Example
H(L12, R34)
H(L1, R2)
H(L3, R4)
(C, x1/j1, A)
(C, x2/j2, B)
(C, x3/j3, D)
(C, x4/j4, E)

The delegation attestation for (C, x2/j2, B)
H(L12, R34)C, H(L3, R4), (C, x1/j1, A)

27
Authenticated Delegation Dictionaries - 1

The model for an authenticated dictionary
An Authenticated Dictionary for C
Element (C, y/k, FC(y/k))
The search key address prefixes
Data Structure balanced 2-3 trees, with leaves
sorted based on the search key

28
Authenticated Delegation Dictionaries - 2

Prefix Tree rooted at x/j
A total order of the prefixes
x/j lt x?y/(jk) lt z/j
The smallest element x/j
The largest element x?1l-j/l

29
Authenticated Delegation Dictionaries - 3

ADD for C
The delegation attestation for (C, x2/j2, B)
The signed root k0?H(L123, R45)C
The value of the children of the nodes of the
path k3?H(L4, R5), (C, x1/j1, A), (C, x3/j3, D)
The search tree path

30
Approximating IP Address Delegation