S-BGP Workshop Topology by liaoxiuli

VIEWS: 10 PAGES: 8

									                  S-BGP Workshop Topology
                                                                      AS runs S-BGP
   ISP A            ISP B            ISP C                            Compromised S-BGP AS
                                                                      AS does not run S-BGP
 AS 64710          AS 64720         AS 64730
172.16.16 / 22    172.16.32 / 22   172.16.52 / 22
                                                          Private peering inter-AS
                                                          link

                                                      ISP H                     DSP D

                                                     AS 64780                  AS 64740
                                                    172.16. 128/ 21           172.16.50/ 24




 AS 64770          AS 64760         AS 64750         Autonomous System (AS)
172.16.112 / 22   172.16.96 / 21   172.16.84 / 22    Subscriber networks
                                                     number

   ISP G            ISP F            ISP E
                Scenario 1 – Two clients access a server
                                 Legitimate
                                    server                                       AS runs S-BGP
       ISP A                      B
                              ISP172.16.32.1         ISP C                       Compromised S-BGP AS
                                                                                 AS does not run S-BGP
      AS 64710          9.1   AS 64720     18.2     AS 64730
       16 / 22    9.2          32 / 22 18.3          52 / 22

                                                             All link addresses begin with 192.168.x.x
    10.7                                          29.5       All subscriber addresses are 172.16.X / Y

                   Subscriber traffic                                  ISP H
                                                                                    Adversary
                                                                      AS 64780       server
                                                             57.7     128 / 21
                                                                                     Adversary
                                                               48.5


      10.1       57.8                             29.3   48.8

      AS 64770                                      AS 64750
      112 / 21                                       84 / 22


Client GISP G                                        ISP E            Client E
       Scenario 1 – Misconfiguration by BGP AS
                           Legitimate
                              server                                     AS runs S-BGP
 ISP A                      B
                        ISP172.16.32.1       ISP C                       Compromised S-BGP AS
                                                                         AS does not run S-BGP
AS 64710          9.1   AS 64720     18.2   AS 64730
 16 / 22 9.2             32 / 22 18.3        52 / 22


10.7                                        29.5

               Subscriber traffic                             ISP H
                                                                            Adversary
                                                              AS 64780       server
                                                     57.7     128 / 21
                          Unauthorized                                       Adversary
                                                       48.5
                            Routing
                            UPDATE
10.1       57.8                             29.3   48.8               Unauthorized
               Traffic rerouted                                         Routing
AS 64770                                    AS 64750                    UPDATE
112 / 21       from AS not                   84 / 22
               running S-BGP
 ISP G                                       ISP E
         Scenario 2 – Two clients access a server
                         Legitimate
                            server                        AS runs S-BGP
 ISP A                    B
                      ISP172.16.32.1            ISP C     Compromised S-BGP AS
                                                          AS does not run S-BGP
AS 64710        9.1   AS 64720     18.2        AS 64730
 16 / 22 9.2           32 / 22 18.3             52 / 22


10.7                                           29.5

               Subscriber traffic




10.1                                           29.3

AS 64770      54.7    AS 64760          46.6   AS 64750
112 / 21 54.6          96 / 21                  84 / 22
                                 46.5


 ISP G                ISP F                     ISP E
Scenario 2 – Compromised S-BGP AS advertises
              another AS’s Prefix
                         Legitimate
                            server                              AS runs S-BGP
 ISP A                    B
                      ISP172.16.32.1        ISP C               Compromised S-BGP AS
                                                                AS does not run S-BGP
AS 64710        9.1   AS 64720      18.2   AS 64730
 16 / 22 9.2           32 / 22 18.3         52 / 22


10.7                                       29.5

               Subscriber traffic

         Traffic rerouted
         from AS not
         running S-BGP
10.1                                       29.3

AS 64770      54.7    AS 64760      46.6   AS 64750
112 / 21 54.6          32 / 22 46.5         84 / 22


 ISP G            ISP F        Routing      ISP E
    Unauthorized Prefix        UPDATE       Unauthorized prefix rejected by S-BGP
 Scenario 3 – Active Wiretapping between S-BGP
   ASes to Redirect Subscriber Traffic to Attacker
 Legitimate
   server                                                        AS runs S-BGP
    ISP A
 172.16.16.1             ISP B                ISP C              Compromised S-BGP AS
                                                                 AS does not run S-BGP
   AS 64710       9.1   AS 64720      18.2   AS 64730
    16 / 22 9.2          32 / 22 18.3         52 / 22


                        22.6                 29.5

                                                                              DSP D
                                                      Subscriber traffic
Valid Routing UPDATE                                                         AS 64740
                                                                            172.16.50/ 24



                                                                     47.5

                               22.2      29.3

                        AS 64760      46.6   AS 64750   47.4
  Illegitimate           96 / 21 46.5         84 / 22
      server
  172.16.16.1
                         ISP F                ISP E
     Scenario 3 – Modified UPDATE rejected by S-
                         BGP
 Legitimate
   server                                                        AS runs S-BGP
    ISP A
 172.16.16.1             ISP B                ISP C              Compromised S-BGP AS
                                                                 AS does not run S-BGP
   AS 64710       9.1   AS 64720      18.2   AS 64730
    16 / 22 9.2          32 / 22 18.3         52 / 22


                        22.6                 29.5

                                                                              DSP D
                                                      Subscriber traffic
Valid Routing UPDATE                                                         AS 64740
                                                                            172.16.50/ 24



                                                                     47.5

                               22.2      29.3

                        AS 64760      46.6   AS 64750   47.4
  Illegitimate           96 / 21 46.5         84 / 22
      server
  172.16.16.1
                   ISP F                      ISP E
Routing UPDATE modified by attacker          Modified UPDATE rejected by S-BGP
       S-BGP Operations at an ISP or Subscriber Organization

                                                     Registry or                                    Distributed
                                                        ISP                                         Cert/CRL/AA
                                                                                                     Repository

                                                          [1]

                                                                                 ISP/Org
            Routers                                                                      Certs,CRLs, AAs
                                                      ISP’s/Org’s                        from this ISP/Org
                                                                                                         Certs,CRLs,
                                                          CA
 [6] Policies &                                     [2a]         [2b]                                    AAs from
 [7b] Extracts                                                                                           all
                                                                                                         ISPs/Orgs
                                                                     CRLs    NOC Tools GUI
   Upload to             Generate              EE Certs
                                                                                         [4]
    Routers              Cert Reqs                                                 Create, Sign &
                                                                                   Upload List of            [5a]
signed                                        [3]
                                 Generate &         AAs, Certs, CRLs                Transactions
  files
1 per rtr         signed          Sign AAs
                    files
S-BGP             1 per rtr
Policies                Extract File           [5b] reconciliation
                      (Public Keys &                                  Certs,CRLs,AAs                Download
        [7a]             AA data)              Validate,                                              from
                                                                      downloaded from
                                              Extract, &                                            Repository
Manage                                                                  Repository
                                              Sign File
Policies

								
To top