Re: [sidr] BGPSEC Threat Model ID

"Danny McPherson" <> Tue, 01 November 2011 19:52 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 00A8821F8F44 for <>; Tue, 1 Nov 2011 12:52:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 5fHiwr0BC-Xg for <>; Tue, 1 Nov 2011 12:52:31 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id D133C21F8D1D for <>; Tue, 1 Nov 2011 12:52:31 -0700 (PDT)
Received: from (localhost.localdomain []) by (Postfix) with ESMTP id AE1CB26800D; Tue, 1 Nov 2011 13:27:37 -0600 (MDT)
Received: from (SquirrelMail authenticated user by with HTTP; Tue, 1 Nov 2011 15:27:37 -0400 (EDT)
Message-ID: <>
In-Reply-To: <p06240807cad42f85eb7d@[]>
References: <> <p06240807cad42f85eb7d@[]>
Date: Tue, 01 Nov 2011 15:27:37 -0400
From: Danny McPherson <>
To: Stephen Kent <>
User-Agent: SquirrelMail/1.4.10a-1.fc6
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Cc: sidr wg list <>
Subject: Re: [sidr] BGPSEC Threat Model ID
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 01 Nov 2011 19:52:33 -0000

> Route leaks represent a violation of an ISPs local policy, i.e., the ISP
> is propagating routes that it, locally, did not intend to propagate.

Perhaps the network operator DID fully intend to propagate ("leak") those
routes in order to hijack and MITM traffic?  Any multi-homed customer can
launch such an attack today of this sort, and as a matter of fact, it
happens all the time, for benign or malicious purposes.

To say that this is not a "semantics violation" and therefore in scope
does not mitigate the risk.  How that risk can be considered as a
"Residual Risk" in a "Threat Model for BGP Path Security" document totally
escapes me?

> BGPSEC (or any analogous technology) can provide protection for BGP
> relative to two constraints:
> 	- the semantics of BGP have to align with the protection
> 	- the underlying PKI has to align with the protection
> Thus, for example, other attributes carried by BGP and for which the
> resource allocation system has no reference, cannot be protected.
> Similarly, route leaks, because they are a violation of a local policy,
> which is not expressed in BGP Update messages, cannot be addressed.

But they are certainly still risks, whether the proposals at
hand can mitigate them or not is orthogonal.  And even policy
expressed in IRRs and via RPSL can result in controls that can
be put in place to mitigate various aspects of those risk.  I
don't understand how we can ignore this as an objective here,
and we certainly cannot discard it so casually as a trivial
residual threat.  If some non-obvious or undisclosed roadmap
exists to solve this piece then I'm truly anxious to see it -
else it would seem to me secure IRRs bootstrapped by resource
certification data and perhaps even deployed to routers via some
rpki-rtr-esque protocol would provide a lot better protection
with a lot less overhead.

>>"False Origination" should probably be "network operator", not
>>ISP, in particular given the subsequent definition of ISP.
> please explain.

You use ISP in this draft as if they're the only ones who
may be multi-homed or trigger leaks or other functions, "network
operator" is much more broadly applicable and well beyond "ISP"
in the traditional sense.

>>The definition of "Route" seems to be missing the full set of
>>path attributes associated with the NLRI, it currently only
>>focuses on the AS_PATH attribute, and even omits the ORIGIN
>>code of the path.
> I think the definition does not omit the origin AS, but I will
> clarify the text.

I'm not talking about Origin AS, I'm talking about "ORIGIN Type
Code" Path Attribute (i.e., i, e, or ?).

> Our context assumes use of the RPKI, and the RPKI attests to only
> prefix and ASN holdings of entities, hence the focus on these
> attributes. For example, MPLS attributes are not supported in the
> RPKI, so they are out of scope here.

I think the "Threat Model" document should give consideration
to Path Attributes beyond just AS_PATH, particularly because most
are used in path selection.  If we think we don't need to protect
these because they are not in RPKI, then we should consider what
that means rather than assume RPKI contains the information for
all that we need to protect.

> The definition I used here has been widely used for many years
> in contexts where folks understand the importance of
> distinguishing among attacks,  adversaries, and motivations.
> Unlike the RPKI focus on config errors, BGPSEC focuses on attacks.
> As noted in above, route leaks are out of scope, because they
> do not represent violations of BGP semantics, as expressed
> externally.

If Enterprise_E is multi-homed to ISP_1 and ISP_2 and is a
transit customer of both, and then decides (or is compromised
and used to decide) that he wants to hijack traffic from ISP_1
towards ISP_2 for Prefix_P by announcing ISP_2's Enterprise_E2
Prefix_P to ISP_1 through Enterprise_E's local interconnect,
and "policy" makes it a more preferred path, how is this not
an attack?

And it's most certainly a threat and one that some consider
out of scope at that?

> I think the motivation and capabilities discussion justifies the
> distinctions between these classes of adversaries. The term
> "attacker" is generic and not useful as an adversary
> characterization.

Contextual use "attacker" is more generic than "hacker"?  Umm,
ok, I'm not attached to either..

>>S 4.3:
>>"This type of behavior cannot be externally detected as an attack."
>>/cannot/may not/
> I said "cannot" here because of the modifier "externally." To external
> observers, such behavior by an ISP may be viewed as odd behavior, but
> enough ISPs behave oddly enough to make this indistinguishable from
> an attack.

But it "may" be externally detectable, which was my point that
you've reinforced :-)

>>Such guidance and implementation may be precisely what an attacker
>>was hoping to instigate, no?  Further:
> The RPKI and BGPSEC designs place a high priority on maintaining
> the ability of ISPs to continue routing in the face of outages. Using
> cached, previously validated RPKI data is a good way to support this
> goal, in the face of outages, benign or malicious. So, I think we are
> making an appropriate decision here. An attacker can always try to
> effect DoS on targeted RPs, and has has fewer attack options when RPs
> can revert to cached data.

While I agree, this can enable downgrade or other attacks, no?
Just like clicking on that self-signed or expired intermediate
CA certificate warning in a web browser, right?  If so, the threat
model should indicate as such.

> I disagree. First, note that certs expire, but CRLs are defined as
> stale when the next issue date passes.  Manifests are defined as
> stale when the bundled EE cert is expired. Other signed objects that
> have bundled EE certs expire with their certs. In the absence of
> current, valid objects,

OK, see above..  Going through all this effort, and then using
"expired data" just seems dirty and opens up a bunch of ugliness
to me...

>>I'm surprised I don't see anything here about timing dependencies
>>between RPKI and BGPSEC routers, and variances across a BGPSEC system
>>having considerable potential impacts.  I think some discussion of
>>this is in order in a threats draft.
> There is no requirement that a BGPSEC router interact directly with
> the RPKI repository system. However, your question is still relevant
> if we substitute
> "local RPKI server" for "BGPSEC router." S 4.4 already deals with
> attacks against publication points, many of which are relevant to the
> timing concerns you cite above. The RPKI, is a distributed repository
> system with many maintainers. RPs ought not assume that they always
> have the very latest data from the system, and maintainers ought not
> assume that all RPs have the latest data.  This issue is addressed in
> detail in the RPKI key rollover doc.

But it's a threat and this is the threat document, right?  If
we're not going to include it here we should at least reference
those sections.

> Section 5 already addresses this, at a high level, see bold text:
> 	- the RPKI repository system may be attacked in ways that make
>          its contents unavailable, or not current. It is anticipated that
>          RPs will cope with this vulnerability through local caching of
>          repository data, and through local settings that tolerate
>          expired or stale repository data.
> I have changed this to say
> 	contents unavailable, not current current, or inconsistent.

Not current == expired.  I'll defer to crypto types here, but as
a first order function, I would like to see explicit text and reach
agreement that expired data should be used in the absence of current
data, and what the attack surface implications of using expired data

As usual, thanks for the thoughtful responses Steve.  I really am trying
to come to grips with what's being proposed, but I'm just not there on the
cost/benefit analysis at the moment.