Re: [sidr] Route Leaks and BGP Security

Jakob Heitz <jakob.heitz@ericsson.com> Mon, 21 November 2011 05:40 UTC

From: Jakob Heitz <jakob.heitz@ericsson.com>
To: Danny McPherson <danny@tcb.net>, sidr wg list <sidr@ietf.org>
Date: Mon, 21 Nov 2011 00:40:27 -0500

To make the route leak problem tractable, we need a definition.
Here is my attempt:

If a destination AS, D, originates a route and announces it
to provider P1, and P1 agrees to provide connectivity to
D, then D trusts P1 to do the right thing with the route.
If P1 has further contracted provider P2 to provide it
with connectivity, then it trusts P2 to do the right thing
with the routes it originates. By extension, D also trusts
P2. This chain may continue. It may also branch. The result
is a set of ASs that D trusts to do the right thing with
the routes it originates.

A source AS, S, similarly has a set of ASs it trusts to
do the right thing with its routes.

When S sends a packet to D, that packet should traverse
only ASs that S trusts OR that D trusts. If the packet
traverses an AS that NEITHER S NOR D trusts, then a route
leak has occurred.

When a route announcement leaves the set of ASs trusted
by its originator, Brian's "transit" bit turns off.

--
Jakob Heitz.
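
The definition above, worked through as an added example that is not part of the original message: trusted sets are computed by following provider contracts, and a packet path is checked against the union of the two endpoints' sets. The topology, the AS numbers (documentation range), the function names, the inclusion of each AS in its own trusted set, and the transit bit staying off once cleared are all assumptions made for illustration.

```python
from collections import deque

# Constructed topology: customer AS -> providers it has contracted for connectivity.
# T1 (64498) and T2 (64501) peer with each other; peering is not a provider contract.
PROVIDERS = {
    64496: {64497},          # D buys connectivity from P1
    64497: {64498},          # P1 buys connectivity from T1
    64499: {64500},          # S buys connectivity from P3
    64500: {64501},          # P3 buys connectivity from T2
    64502: {64497, 64500},   # C is a multihomed customer of P1 and P3
}

def trusted_set(origin, providers=PROVIDERS):
    """ASs reached from origin by following provider contracts, chains and branches.
    Assumption: the origin is a member of its own trusted set."""
    seen, queue = {origin}, deque([origin])
    while queue:
        for provider in providers.get(queue.popleft(), ()):
            if provider not in seen:
                seen.add(provider)
                queue.append(provider)
    return seen

def leak_hops(path, providers=PROVIDERS):
    """path lists the ASs a packet traverses from S (first) to D (last).
    Returns the ASs that neither S nor D trusts; non-empty means a route leak."""
    allowed = trusted_set(path[0], providers) | trusted_set(path[-1], providers)
    return [asn for asn in path if asn not in allowed]

def transit_bit_trace(announce_path, providers=PROVIDERS):
    """announce_path lists the originator first, then each AS the announcement reaches.
    Returns (asn, bit) pairs; the bit turns off when the announcement leaves the
    originator's trusted set. Assumption: once off, it stays off."""
    trusted = trusted_set(announce_path[0], providers)
    bit, trace = True, []
    for asn in announce_path:
        bit = bit and asn in trusted
        trace.append((asn, bit))
    return trace

if __name__ == "__main__":
    print(leak_hops([64499, 64500, 64501, 64498, 64497, 64496]))  # via the T2-T1 peering
    print(leak_hops([64499, 64500, 64502, 64497, 64496]))         # via customer C
    print(transit_bit_trace([64496, 64497, 64502, 64500]))
```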

> -----Original Message-----
> From: sidr-bounces@ietf.org [mailto:sidr-bounces@ietf.org] On Behalf
> Of Danny McPherson
> Sent: Wednesday, November 16, 2011 8:23 PM
> To: sidr wg list
> Subject: [sidr] Route Leaks and BGP Security
> 
> 
> Team,
> I've updated this draft based on some feedback received already.
> Given the discussion at the WG session, and the list discussion as
> of late, I'd like to ask that it become a WG item and used to inform
> the BGP Threat Model document -- particularly with regards to what's
> an acceptable residual risk and what is not.  Once that's
> comprehensive it can be used to inform secure routing requirements
> documents in the working group, and then we can begin assessing the
> feasibility of reducing various risks.
> 
> <http://tools.ietf.org/html/draft-foo-sidr-simple-leak-attack-bgpsec-no-help-01>
> 
> Thanks!
> 
> -danny
> 
> 
> Begin forwarded message:
> 
> > From: internet-drafts@ietf.org
> > Date: November 16, 2011 11:01:24 PM EST
> > To: i-d-announce@ietf.org
> > Subject: I-D Action: draft-foo-sidr-simple-leak-attack-bgpsec-no-help-01.txt
> > Reply-To: internet-drafts@ietf.org
> >
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts directories.
> >
> > 	Title           : Route Leak Attacks Against BGPSEC
> > 	Author(s)       : Danny McPherson
> >                          Shane Amante
> > 	Filename        : draft-foo-sidr-simple-leak-attack-bgpsec-no-help-01.txt
> > 	Pages           : 5
> > 	Date            : 2011-11-16
> >
> >   This document describes a very simple attack vector that illustrates
> >   how RPKI-enabled BGPSEC machinery as currently defined can be easily
> >   circumvented in order to launch a Man In The Middle (MITM) attack via
> >   BGP.  It is meant to serve as input to the IETF's Secure Inter-Domain
> >   Routing working group during routing security requirements
> >   discussions and subsequent specification.
> >
> >
> > A URL for this Internet-Draft is:
> > http://www.ietf.org/internet-drafts/draft-foo-sidr-simple-leak-attack-bgpsec-no-help-01.txt
> >
> > Internet-Drafts are also available by anonymous FTP at:
> > ftp://ftp.ietf.org/internet-drafts/
> >
> > This Internet-Draft can be retrieved at:
> > ftp://ftp.ietf.org/internet-drafts/draft-foo-sidr-simple-leak-attack-bgpsec-no-help-01.txt