Securing Domain Control with BGP Attacks and Digital Certificates
Exploring the vulnerabilities of domain control verification in the context of BGP attacks and the role of digital certificates in ensuring security. The process of domain control verification, issuance of digital certificates by Certificate Authorities (CAs), and the significance of Public Key Infrastructure (PKI) are discussed. Learn how organizations can maintain secure connections through proper domain ownership verification.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
E N D
Presentation Transcript
Bamboozling Certificate Authorities with BGP 20174489 SEUNGHAN HONG
Introduction USENIX Security 18 Author : Henry Birge-Lee, Yixin Sun, Anne Edmundson, Jennifer Rexford, Prateek Mittal
Overview Domain Control Verification BGP Attacks Quantifying Vulnerability Countermeasures Conclusion
Digital Certificate How we can sure that the domain is KAIST?
Digital Certificate How we can sure that the domain is KAIST? This is the mark which the domain has digital certificate.
Digital Certificate How we can sure that the domain is KAIST? This is the mark which the domain has digital certificate.
Domain Control Verification A process to verify the domain owner before signing certificate Certificate Authority (CA) is an organization which signs the certificate CA helps us to create secure connection to a server using Public Key Infrastructure (PKIs)
Domain Control Verification Owner of the domain request a certificate to CA
Domain Control Verification CA gives Domain Control Verification Challenge
Domain Control Verification Owner modifies the server
Domain Control Verification CA check whether the domain has correct answer
Domain Control Verification If it is correct, CA gives digital certificate to owner
Domain Control Verification If it is correct, CA gives digital certificate to owner
Overview Domain Control Verification BGP Attacks Quantifying Vulnerability Countermeasures Conclusion
Border Gateway Protocol (BGP) BGP is a standardized exterior gateway protocol designed to exchange routing and reachability information among Autonomous System (AS) on the Internet
Border Gateway Protocol (BGP) For example the AS containing 2.2.2.0/23 announce that he owns 2.2.2.0/23. Then AS1 announce that it can reach to 2.2.2.0/23 by 1 hop
High Level Idea: BGP Attack Man in the middle attack Attacks when CA calls HTTP GET example.com/verify.html
BGP Attack Normal procedure CA reach to correct server
BGP Attack Simplest Attack (sub-prefix attack) Use the same IP address to capture the victim s traffic
BGP Attack Routers prefer more specific announcement Broken connectivity Highly viable Not stealthy
BGP Attack A local (equally-specific prefix) attack Aim to increase stealthiness
BGP Attack Equally specific announcement compete for traffic Announcement localized Local broken connectivity Potentially stealthy
BGP Attack Can not hijack in this case (unaffected portion)
BGP Attack AS Path poisoning To maintain a valid route to the victim s domain
BGP Attack Almost any AS can perform Connectivity preserved Very stealthy
The stealthy and viability of BGP attacks Effective against /24 prefixes Evades origin change detection Internet topology location required Sub-prefix hijack No No Any location Equally-specific prefix hijack Yes No Many location As-path poisoning attack No Yes Many location
BGP Attack in real worlds Need some Ethical framework for launching real-world attacks Hijack only our own prefixes Domains run on our own prefixes No real users attacked Approached trusted CAs for certificates
BGP Attack in real worlds: Summary Let s Encrypt GoDaddy Comodo Symantec GlobalSign Time to issue certificate 35s <10min 51s 6min 4min Human Interaction No No No No No Multiple Vantage Points No No No No No Validation Method Attacked HTTP HTTP Email Email Email
Additional Attacks More targets Authoritative DNS servers Mail servers Reverse (victim domain -> CA) traffic is also vulnerable
Overview Domain Control Verification BGP Attacks Quantifying Vulnerability Countermeasures Conclusion
Quantifying Vulnerability How many domains are vulnerable? How many adversaries can launch attacks?
Vulnerability of domains: sub-prefix attacks Any AS can launch Only prefix lengths less than /24 vulnerable
Vulnerability of domains: sub-prefix attacks Any AS can launch Only prefix lengths less than /24 vulnerable
Overview Domain Control Verification BGP Attacks Quantifying Vulnerability Countermeasures Conclusion
Countermeasures CA Vantage Point BGP Monitoring CA prefix length Domains CAA DNS Records DNSSEC
Multiple Vantage Points CA sign certificate only if all vantage points and CA agree average resilience of domains attack chance of success One vantage point 61% 39% two vantage points 85% 15% Three vantage points >90% <10%
BGP Monitoring Monitoring suspicious route CA computes each route s age CA signs a certificate for routes which have sufficient age. Then network operator have time to react (tradeoff) false positive <-> minimum time
Related Work Using BGP attack is effective at deanonymizing TOR users Sun el al. Raptor: Routing attacks on privacy in Tor, USENIX Security Symposium (2015) Using BGP attack on hijacking bitcoin Apostolaki et al. Hijacking bitcoin: Routing attacks on cryptocurrencies, In IEEE Symposium on Security and Privacy (SP) (May 2017) Using BGP attack to bypass US surveillance laws Arnbak et al. Loopholes for circumventing the constitution: Unrestricted bulk surveillance on americans by collecting network traffic abroad, Mich. Telecomm. & Tech. L. Rev. 21 (2014)
Related Work Using BGP attacks with strategically poisoned AS paths Pilosov and Kapela, Stealing the Internet: An Internet-scale man in the middle attack, NANOG-44, Los Angeles, October (2008) Using BGP attacks on peering links Madory, Use protection if peering promiscuously. https://dyn.com/blog/use-protection-if- peering-promiscuously/, Nov 2014.
Related Work outline a well-known system to detect traditional BGP attacks Lad et al, PHAS: A prefix hijack alert system, In USENIX Security Symposium (2006) generate route filters to prevent BGP attacks Bush et al, The resource public key infrastructure (RPKI) to router protocol, RFC 6810, RFC Editor, January 2013 BGPsec cryptographically assures the validity of BGP paths Lepinski et al, BGPsec protocol specification, RFC 8205, RFC Editor, September 2017 SCION presents a clean slate architecture that would prevent BGP hijacks Zhang et al, An analysis of BGP multiple origin AS (MOAS) conflicts. In ACM SIGCOMM Workshop on Internet Measurement (New York, NY, USA, 2001)