Re: [sidr] draft-ietf-sidr-bgpsec-threats-02: Path shortening & lengthening

Andrew Chi <achi@bbn.com> Fri, 06 April 2012 19:21 UTC

On 4/6/2012 2:10 PM, Murphy, Sandra wrote:
> So where's the dos attack?
>
> (Do note that the bgpsec signatures would detect this at the first point that checked the signatures, so your neighbor would have spotted the injection - unless it was the source of the injection.)

So I think I finally see what Shane's getting at.  Let's say:

- I'm a bad actor (A)
- Bob is my neighbor (B)
- Charlie is Bob's neighbor (C)

A is trying to cause B and C to have different views of the world.  In 
addition, we must assume:

- B's router ignores AS_PATH and just uses BGPSEC_Path_Signature
- C's router checks both AS_PATH and BGPSEC_Path_Signature

As the bad actor, A injects C into the AS_PATH (malicious), but 
processes BGPSEC_Path_Signature normally, and sends the update to B.

- B verifies BGPSEC_Path_Signature only, passes it to C
- C detects a loop in AS_PATH and drops the update

A has just caused B to accept an update while simultaneously causing C 
to drop it silently.  While not a very strong attack (B could always 
filter the route anyway), I could imagine it being a starting point for 
causing confusion.

This is solved by prescribing that AS_PATH/AS4_PATH is ignored when 
BGPSEC is enabled, but Shane has a good point that we might need to 
coordinate with IDR on this.  I defer to the WG chairs on that coordination.

-Andrew
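
The scenario in the message above, as an added model that is not part of the original e-mail or of any BGPSEC implementation: it shows that B and C reach different verdicts on the same update only while C still consults the unsigned AS_PATH, and agree once AS_PATH is ignored. The AS numbers, keys, function names and the use of HMAC in place of BGPSEC signatures are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed AS numbers and keys; HMAC stands in for real BGPSEC signatures.
ORIGIN, A, B, C = 64500, 64501, 64502, 64503
KEYS = {asn: f"key-{asn}".encode() for asn in (ORIGIN, A, B, C)}

def sign(signer, target, prev_sig):
    msg = f"{signer}>{target}".encode() + prev_sig
    return hmac.new(KEYS[signer], msg, hashlib.sha256).digest()

def forward(update, signer, target, as_path=None):
    """Prepend signer to both attributes; as_path overrides the unsigned one."""
    prev = update["sigs"][0][2] if update["sigs"] else b""
    if as_path is None:
        as_path = [signer] + update["as_path"]
    seg = (signer, target, sign(signer, target, prev))
    return {"as_path": as_path, "sigs": [seg] + update["sigs"]}

def sigs_valid(update, me):
    """Each segment must target the next hop and cover the previous signature."""
    segs = update["sigs"]
    for i, (signer, target, sig) in enumerate(segs):
        want_target = me if i == 0 else segs[i - 1][0]
        prev = segs[i + 1][2] if i + 1 < len(segs) else b""
        good = hmac.compare_digest(sig, sign(signer, target, prev))
        if target != want_target or not good:
            return False
    return True

def accepts(update, me, check_as_path):
    if not sigs_valid(update, me) or any(s[0] == me for s in update["sigs"]):
        return False  # bad signature chain, or loop in the signed path
    return not (check_as_path and me in update["as_path"])  # unsigned loop check

def run(c_checks_as_path):
    """Return (B accepts, C accepts) for the scenario in the message."""
    from_origin = forward({"as_path": [], "sigs": []}, ORIGIN, A)
    # A signs normally but lists C in the unsigned AS_PATH.
    to_b = forward(from_origin, A, B, as_path=[A, C, ORIGIN])
    b_ok = accepts(to_b, B, check_as_path=False)
    to_c = forward(to_b, B, C)
    return b_ok, accepts(to_c, C, check_as_path=c_checks_as_path)

if __name__ == "__main__":
    print("mixed policy (B, C):", run(True))       # views diverge
    print("AS_PATH ignored (B, C):", run(False))   # views agree
```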