Introducción al RPKI (Resource Public Key Infrastructure)

Size: px

Start display at page:

Download "Introducción al RPKI (Resource Public Key Infrastructure)"

Megan Cannon
5 years ago
Views:

4 Problem Statement 1: BGP Secure Origin AS Is the origin AS at the ASPATH BGP attribute authorized by the entity with the right of use for the IP address block to originate a BGP announcement? Problem Statement 2: Path Validation Has a given BGP UPDATE packet really transited through a router in all the ASes in the ASPATH attribute and in the correct order? 2011 Cisco and/or its affiliates. All rights reserved. 4

AS70 incorrectly origins 10.1.1/24 AS20 ends up choosing path sourced by AS70 due to the shorter AS Path AS 30 AS70 ends up hijacking 10.1.1/24 AS 20 AS 40 AS 50 AS 60 AS 70 10.

5 AS70 incorrectly origins /24 AS20 ends up choosing path sourced by AS70 due to the shorter AS Path AS 30 AS70 ends up hijacking /24 AS 20 AS 40 AS 50 AS 60 AS / /24 AS70 ends up hijacking route for / Cisco and/or its affiliates. All rights reserved. 5

6 Recently: 31 st Jan NANOG Mailing list The routes for networks: /20, /20, and /20 are registered in various IRRs all as having an origin AS11325 (ours), and are directly allocated to us.the malicious hijacking is being announced as /24s therefore making routeselection pick them. Notable origin incidents: - China Telecom incident with 15% of Internet routes ~37K (2010) - YouTube blocked by Pakistan Telecom (2008) - CTBC Brazil leaked full BGP table to local IXP (2008) - AS 7007 incident (1997) 2011 Cisco and/or its affiliates. All rights reserved. 6

7 IXP Route Server: Open Peering, no Peering AS1 AS2 AS1 Full Internet Table IGP 1- AS1 re-distributed Full Internet table in IGP with community X 2- AS2 re-distributed IGP in ebgp session to routeserver for community X (ASPATH=1) 3- Route-Server sent updates to rest of ASes in IXP 4- All Internet traffic through IXP to AS1 5- ebgp session from AS1 to Route-Server turned down due to traffic conditions 6- Repeat Cisco and/or its affiliates. All rights reserved. 7

IXP Route Server: Open Peering, no Peering AS1 AS1 Full Internet Table IGP AS2 1- AS1 re-distributed Full Internet table in IGP with community X 2- AS2 re-distributed IGP in ebgp session to

8 IXP Route Server: Open Peering, no Peering AS1 AS1 Full Internet Table IGP AS2 1- AS1 re-distributed Full Internet table in IGP with community X 2- AS2 re-distributed IGP in ebgp session to routeserver for community X (ASPATH=1) 3- Route-Server sent updates to rest of ASes in IXP 4- All Internet traffic through IXP to AS1 5- ebgp session from AS1 to Route-Server turned down due to traffic conditions 6- Repeat. BGP Secure Origin AS in Route Server would have avoided this incident 2011 Cisco and/or its affiliates. All rights reserved. 8

9 Current (Aug 2013) total size of IPv4 routing table: prefixes Total ASes present in Table: Origin Only ASes: / Transit Ases: 5920 ASes announcing only one prefix: Average prefixes per AS: Unregistered ASNs in the Routing Table:1812 LACNIC: Current (Aug 2013) total size of IPv4 routing table: prefixes Origin Only ASes: 2005/ Transit ASes: 377 ASes announcing only one prefix: 566 Average prefixes per AS: (*) Ref: Global Routing Table report: (**) Ref: How Secure are Secure BGP Protocols, Sharon Goldberg, Microsoft Research & Boston University, NANOG Cisco and/or its affiliates. All rights reserved. 9

AS 10 originates a prefix and only announces it to AS 15 AS 20 inserts itself in the ASPATH 10.1/16 AS 30, AS15, AS 10 AS 20, AS 10 AS 40 10.

10 AS 10 originates a prefix and only announces it to AS 15 AS 20 inserts itself in the ASPATH 10.1/16 AS 30, AS15, AS 10 AS 20, AS 10 AS /16 AS 30, AS 15, AS 10 AS 60 AS 20, AS 10 and incorrectly announces AS 10 s prefix to AS 40, AS 60, AS 30 AS 50 and AS 50 who ends up choosing path from AS 20 instead of AS 30 AS 15 AS /16 AS 30, AS 15, AS 10 AS 20, AS /16 AS 10 AS 20 ends up hijacking route announced by AS Cisco and/or its affiliates. All rights reserved. 10

Man in the middle example: Stealing the Internet, Defcon 16. Alex Pilosov and Tony Kompela. 2008 Targeting: AS50 & AS60 traffic toward AS10 10.1/16 AS 30, AS15, AS 10 AS 40 10.

11 Man in the middle example: Stealing the Internet, Defcon 16. Alex Pilosov and Tony Kompela Targeting: AS50 & AS60 traffic toward AS /16 AS 30, AS15, AS 10 AS /16 AS 30, AS 15, AS 10 AS 60 AS 20, AS 10 Do not poison AS40 and use it for return path TTL Manipulation to enable stealth Packets forwarded to AS /16 AS 30 AS 15 AS 10 AS 20 AS /16 AS 30, AS 15, AS 10 AS 20, AS 10 AS 20 ends up hijacking route announced by AS Cisco and/or its affiliates. All rights reserved. 11

12 Secure Inter-domain routing has three components RPKI Infrastructure Offline repository of verifiable secure objects Follows resources (IPv4/v6 + ASN) allocation hierarchy to provide right of use SPs needs to generate its corresponding objects BGP Secure Origin AS BGP PATH Validation You only validate the Origin AS of a BGP UPDATE Solves most frequent incidents (*) No changes to BGP nor router s hardware impact Standardization almost finished and running code New BGP attribute + capability (BGPSEC) Forward signing ASPATH attribute Standardization underway 2011 Cisco and/or its affiliates. All rights reserved. 12 (*) Ref: How Secure are Secure BGP Protocols, Sharon Goldberg, Microsoft Research & Boston University, NANOG 49

Secure Inter-domain routing has three components RPKI Infrastructure Offline repository of verifiable secure objects Follows resources (IPv4/v6 + ASN) allocation hierarchy to provide right of use SPs

13 Secure Inter-domain routing has three components RPKI Infrastructure Offline repository of verifiable secure objects Follows resources (IPv4/v6 + ASN) allocation hierarchy to provide right of use SPs needs to generate its corresponding objects BGP Secure Origin AS BGP PATH Validation You only validate the Origin AS of a BGP UPDATE Solves most frequent incidents (*) No changes to BGP nor router s hardware impact Standardization almost finished and running code New BGP attribute + capability (BGPSEC) Forward signing ASPATH attribute Standardization underway 2011 Cisco and/or its affiliates. All rights reserved. 13 (*) Ref: How Secure are Secure BGP Protocols, Sharon Goldberg, Microsoft Research & Boston University, NANOG 49

14 Review of problem to solve We Will focus on BGP Secure Origin AS, which vast majority of known incidents IXP s route servers as a natural place to place BGP Secure Origin AS Resource Public Key Infrastructure as the base for a secure routing solution RPKI Operation Model Q&A 2011 Cisco and/or its affiliates. All rights reserved. 14

15 Review of problem to solve We Will focus on BGP Secure Origin AS, which vast majority of known incidents IXP s route servers as a natural place to place BGP Secure Origin AS Resource Public Key Infrastructure as the base for a secure routing solution RPKI Operation Model Q&A 2011 Cisco and/or its affiliates. All rights reserved. 15

16 Basically two solutions to provide public-key chains of trust: Hierarchical model: X509 based solutions: SMIME, TSL Key-based chains of trust: DNSSEC Web-of-Trust model: PGP RPKI implements a resource certification chain of trust based on X.509 certificates 2011 Cisco and/or its affiliates. All rights reserved. 16

17 ITU standard issued in 1988 Assumes a hierarchy system of Certificate Authorities (CAs) for issuing certificates. A certificate is a ASN.1 document, which profile is defined by RFC 5280 Each CA issues certificates and which may be publically available in a repository Each CA will also issue a Certificate Revocation List (CRL) listening all certificates that have been revoked A Relaying party is an entity that performs the validation of X509 certificates Example applications for X509: Mail Authentication (SMIME), Web Server Authentication (TLS), User Authentication (TLS, SSO), etc Cisco and/or its affiliates. All rights reserved. 17

18 Version = 3 Serial Number Algorithm ID Issuer Validity: Not Before Not After Subject Subject Information Access (SIA): URI for CA s publication point CRL Distribution Points: URI with CRL location Subject Public Key Extensions (optional) Certificate Signature Unique ID in a CA for certificate. Used to identify certificate in CRL Creates Hierarchy: Parent CA to Child CA CA to End Entity (EE) 2011 Cisco and/or its affiliates. All rights reserved. 18

19 RPKI is not an identity PKI. Names are meant to be meaningless. RFC 3779 creates an extensions to encode IP addresses and ASNs in an X509 certificate. You can include either a prefix or an address range without boundary RFC 3779 extensions could be inherited from issuer to subject 2011 Cisco and/or its affiliates. All rights reserved. 19

Each RIR generates certificate for each prefix it assigns and distributes certificate

you can prove I said this by validating that I have signed the certificate Getting the

Version Serial Number Signature Algorithm Issuer Subject Subject Public Key Extensions

20 Each RIR generates certificate for each prefix it assigns and distributes certificate along with the prefix The Certificate says I m giving this customer of mine prefix P and you can prove I said this by validating that I have signed the certificate Getting the public key is straightforward using the usual PKI methods Each ISP sub-allocating prefix blocks makes same statement. OpenSSL 1.0c and forward implementsrfc 3779 However, you need to enable it at./configure time. Version Serial Number Signature Algorithm Issuer Subject Subject Public Key Extensions Subject Information Authority (SIA) Authority Information Access (AIA) Addr: Asid: Cisco and/or its affiliates. All rights reserved. 20

21 CA Issuer: IANA Subject: IANA Public Key IANA 0/0 Signed by IANA CA Issuer: IANA Subject: LACNIC Public Key LACNIC 200/8 Signed by IANA CA Issuer: LACNIC Subject: ISP Public Key ISP /16 Signed by LACNIC 2011 Cisco and/or its affiliates. All rights reserved. 21

22 Cryptographic Message Syntax (RFC 5652) allows the signature/ encryption of arbitrary data using ASN.1 format Examples of CMS use include: secure [RFC5751], key management [RFC5958], and firmware updates [RFC4108] Each Signed Object needs to be signed by an End-Entity Certificate and not by a CA certificate In RPKI an EE certificate is normally created for each signed object and it is included in the CMS wrapper. RPKI objects based on CMS: - Route Origin Authorizations (ROAs) - Manifests for the Resource Public Key Infrastructure - Ghostbusters Record 2011 Cisco and/or its affiliates. All rights reserved. 22

23 It is the End Goal for BGP Origin AS that ties IP address to Origin AS Validation only happens based on IP address hierarchy and NOT on Origin AS You can insert any AS number In a same ROA you can make several assertions. No need for one prefix=one ROA for the same origin AS. Important Fields: - ROAIPAddress: Prefixes/Prefix Legnth) - maxlength (optional): maximum length of the IP address prefix that the AS is authorized to advertise. If not available maxlength=prefix Length 2011 Cisco and/or its affiliates. All rights reserved. 23

Each AS publishes a cryptographically signed ROA that declares association of its

0/16-24 AS 3130 Signature The ROA says I m authorizing AS <3130> to be the origin for

0/16-24> and you can prove this by verifying the signature on this ROA ip prefix list ROA

24 Each AS publishes a cryptographically signed ROA that declares association of its prefixes with an Origin AS ROA /16-24 AS 3130 Signature The ROA says I m authorizing AS <3130> to be the origin for prefix < /16-24> and you can prove this by verifying the signature on this ROA ip prefix list ROA permit /16 le 24 The ROA is verified with the public key of the organization creating the ROA. The public key is available from the Certificate of the AS 2011 Cisco and/or its affiliates. All rights reserved. 24

CA Issuer: IANA Subject: IANA Public Key IANA 0/0 Signed by IANA CA Issuer: IANA Subject: LACNIC Public Key LACNIC 200/8 Signed by IANA CA Issuer: LACNIC Subject:

25 CA Issuer: IANA Subject: IANA Public Key IANA 0/0 Signed by IANA CA Issuer: IANA Subject: LACNIC Public Key LACNIC 200/8 Signed by IANA CA Issuer: LACNIC Subject: ISP_X Public Key ISP_X /16 Signed by LACNIC EE OrgX_EE 37.1/16 Signed by ISP_X ROA 37.1/16-24 AS X 2011 Cisco and/or its affiliates. All rights reserved. 25

26 Validation process involve: - Validation of End-Entity (EE) certificates that are included inside ROAs (RPKI hierarchy) - Validation of address prefixes included at the ROA attestation ROA Validation outcome: VALID: The ROA is conforming with validation process INVALID: The ROA is not conforming with validation process 2011 Cisco and/or its affiliates. All rights reserved. 26

28 Review of problem to solve We Will focus on BGP Secure Origin AS, which vast majority of known incidents IXP s route servers as a natural place to place BGP Secure Origin AS Resource Public Key Infrastructure as the base for a secure routing solution RPKI is a hierarchical chain of trust based on X509 certificates RPKI does not provide identity services but uses extensions for resources ROAs are the signed objects for BGP secure origin AS RPKI Operation Model Q&A 2011 Cisco and/or its affiliates. All rights reserved. 28

29 Review of problem to solve We Will focus on BGP Secure Origin AS, which vast majority of known incidents IXP s route servers as a natural place to place BGP Secure Origin AS Resource Public Key Infrastructure as the base for a secure routing solution RPKI is a hierarchical chain of trust based on X509 certificates RPKI does not provide identity services but uses extensions for resources ROAs are the signed objects for BGP secure origin AS RPKI Operation Model Q&A 2011 Cisco and/or its affiliates. All rights reserved. 29

30 Parent CA Publication protocol Provisioning Protocol (up/down) repository rsync Subordinate CA Publication protocol repository rsync RPKI Infrastructure Configure your ROA: Authorize the use of your prefixes and publish to the rest of the word 2011 Cisco and/or its affiliates. All rights reserved. 30

31 BGP Peer Parent CA Subordinate CA Publication protocol Provisioning Protocol (up/down) Publication protocol RPKI Infrastructure repository repository rsync rsync rpki-router protocol RPKI Validator & Cache ebgp Peering Router rpki-router protocol ISP Infrastructure (relaying party) Peering Router ibgp + ext Com. BGP Peer ebgp 2011 Cisco and/or its affiliates. All rights reserved. 31

Cache ebgp Peering Router rpki-router protocol ISP Infrastructure (relaying party) BGP Peer Peering Router ibgp + ext Com.

32 Parent CA Subordinate CA Provisioning Protocol (up/down) Configure your trust anchors: Who to you trust to set your policies? Publication protocol Publication protocol RPKI Infrastructure repository repository rsync rsync rpki-router protocol RPKI Validator & Cache ebgp Peering Router rpki-router protocol ISP Infrastructure (relaying party) BGP Peer Peering Router ibgp + ext Com. ebgp Configure your ROA: Authorize the use of your prefixes and publish to the rest of the word BGP Peer 2011 Cisco and/or its affiliates. All rights reserved. 32

33 Hosted Model: Most entities LACNIC implements the certification application to create and maintain signed objects for the entities LACNIC published the entities s signed object in a public and highly available repositories LACNIC hosts the members private key Delegated model: National registries or entities that needs to keep business logic LACNIC only signs and publishes CA certificate for the entity The entity implements application for generation of additional signed objects The entity mantains repository for those additional signed objects Delegated entity can sub-delegate to other child-cas Communication between CAs is performed via the RPKI provisioning protocol (UP/DOWN) Open Source tool available at: Cisco and/or its affiliates. All rights reserved. 33

There is not IANA root yet, each region has its own self-signed CA All regions have hosted services offering for IPv4/IPv6 since 2012 Currently 3% of global

34 There is not IANA root yet, each region has its own self-signed CA All regions have hosted services offering for IPv4/IPv6 since 2012 Currently 3% of global prefixes covered but growing extremely fast (200% yearly) Some cool statistics: Cisco and/or its affiliates. All rights reserved. 34

35 RTA es autofirmado Clave privada offline LACNIC RTA Recursos de LACNIC LACNIC Producción <<INHERITED>> Cadena de firmas ISP #2 Recursos del ISP #2 ISP #1 Recursos del ISP #1 ROA End Entity cert. ROA End Entity cert. End User CA #1 (Recursos del EU#1) ROA End Entity cert. ROA End Entity cert Cisco and/or its affiliates. All rights reserved. 35

36 Review of problem to solve We Will focus on BGP Secure Origin AS, which vast majority of known incidents IXP s route servers as a natural place to place BGP Secure Origin AS Resource Public Key Infrastructure as the base for a secure routing solution RPKI is a hierarchical chain of trust based on X509 certificates RPKI does not provide identity services but uses extensions for resources ROAs are the signed objects for BGP secure origin AS RPKI Operation Model Two models: hosted vs delegated LACNIC implements hosted service for its members RPKI deployment growing very fast with lead from LACNIC and RIPE regions Q&A 2011 Cisco and/or its affiliates. All rights reserved. 36

38 Thank you.

39 EBGP update Perform origin validation Apply inbound policy (policy _may_ match on validity state and set arbitrary attributes) Add to ADJ- RIB-IN Run BGP Bespath Router Install Route in RIB & FIB IBGP update (advertised with the attributes modified by outbound policy and/or with an origin validation extended community) 2011 Cisco and/or its affiliates. All rights reserved. 39

Route Security for Inter-domain Routing

Route Security for Inter-domain Routing Alvaro Retana (aretana@cisco.com) Distinguished Engineer, Cisco Services 3 This could happen to YOUR network 4 This could happen be happening to YOUR network 5 Agenda