Securing Domain Control with BGP Attacks and Digital Certificates

Slide Note
Embed
Share

Exploring the vulnerabilities of domain control verification in the context of BGP attacks and the role of digital certificates in ensuring security. The process of domain control verification, issuance of digital certificates by Certificate Authorities (CAs), and the significance of Public Key Infrastructure (PKI) are discussed. Learn how organizations can maintain secure connections through proper domain ownership verification.


Uploaded on Oct 01, 2024 | 0 Views


Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript


  1. Bamboozling Certificate Authorities with BGP 20174489 SEUNGHAN HONG

  2. Introduction USENIX Security 18 Author : Henry Birge-Lee, Yixin Sun, Anne Edmundson, Jennifer Rexford, Prateek Mittal

  3. Introduction

  4. Overview Domain Control Verification BGP Attacks Quantifying Vulnerability Countermeasures Conclusion

  5. Digital Certificate How we can sure that the domain is KAIST?

  6. Digital Certificate How we can sure that the domain is KAIST? This is the mark which the domain has digital certificate.

  7. Digital Certificate How we can sure that the domain is KAIST? This is the mark which the domain has digital certificate.

  8. Domain Control Verification A process to verify the domain owner before signing certificate Certificate Authority (CA) is an organization which signs the certificate CA helps us to create secure connection to a server using Public Key Infrastructure (PKIs)

  9. Domain Control Verification Owner of the domain request a certificate to CA

  10. Domain Control Verification CA gives Domain Control Verification Challenge

  11. Domain Control Verification Owner modifies the server

  12. Domain Control Verification CA check whether the domain has correct answer

  13. Domain Control Verification If it is correct, CA gives digital certificate to owner

  14. Domain Control Verification If it is correct, CA gives digital certificate to owner

  15. Overview Domain Control Verification BGP Attacks Quantifying Vulnerability Countermeasures Conclusion

  16. Border Gateway Protocol (BGP) BGP is a standardized exterior gateway protocol designed to exchange routing and reachability information among Autonomous System (AS) on the Internet

  17. Border Gateway Protocol (BGP) For example the AS containing 2.2.2.0/23 announce that he owns 2.2.2.0/23. Then AS1 announce that it can reach to 2.2.2.0/23 by 1 hop

  18. High Level Idea: BGP Attack Man in the middle attack Attacks when CA calls HTTP GET example.com/verify.html

  19. BGP Attack Normal procedure CA reach to correct server

  20. BGP Attack Simplest Attack (sub-prefix attack) Use the same IP address to capture the victim s traffic

  21. BGP Attack Routers prefer more specific announcement Broken connectivity Highly viable Not stealthy

  22. BGP Attack A local (equally-specific prefix) attack Aim to increase stealthiness

  23. BGP Attack Equally specific announcement compete for traffic Announcement localized Local broken connectivity Potentially stealthy

  24. BGP Attack Can not hijack in this case (unaffected portion)

  25. BGP Attack AS Path poisoning To maintain a valid route to the victim s domain

  26. BGP Attack Almost any AS can perform Connectivity preserved Very stealthy

  27. The stealthy and viability of BGP attacks Effective against /24 prefixes Evades origin change detection Internet topology location required Sub-prefix hijack No No Any location Equally-specific prefix hijack Yes No Many location As-path poisoning attack No Yes Many location

  28. BGP Attack in real worlds Need some Ethical framework for launching real-world attacks Hijack only our own prefixes Domains run on our own prefixes No real users attacked Approached trusted CAs for certificates

  29. BGP Attack in real worlds: Summary Let s Encrypt GoDaddy Comodo Symantec GlobalSign Time to issue certificate 35s <10min 51s 6min 4min Human Interaction No No No No No Multiple Vantage Points No No No No No Validation Method Attacked HTTP HTTP Email Email Email

  30. Additional Attacks More targets Authoritative DNS servers Mail servers Reverse (victim domain -> CA) traffic is also vulnerable

  31. Overview Domain Control Verification BGP Attacks Quantifying Vulnerability Countermeasures Conclusion

  32. Quantifying Vulnerability How many domains are vulnerable? How many adversaries can launch attacks?

  33. Vulnerability of domains: sub-prefix attacks

  34. Vulnerability of domains: sub-prefix attacks Any AS can launch Only prefix lengths less than /24 vulnerable

  35. Vulnerability of domains: sub-prefix attacks Any AS can launch Only prefix lengths less than /24 vulnerable

  36. Resilience to equally-specific prefix attacks

  37. Resilience to equally-specific prefix attacks

  38. Resilience of domains assuming random CA

  39. Choosing affected CA

  40. Vulnerability of Domains: Equally-specific attacks

  41. Vulnerability of Domains: Equally-specific attacks

  42. Overview Domain Control Verification BGP Attacks Quantifying Vulnerability Countermeasures Conclusion

  43. Countermeasures CA Vantage Point BGP Monitoring CA prefix length Domains CAA DNS Records DNSSEC

  44. Multiple Vantage Points

  45. Multiple Vantage Points

  46. Multiple Vantage Points CA sign certificate only if all vantage points and CA agree average resilience of domains attack chance of success One vantage point 61% 39% two vantage points 85% 15% Three vantage points >90% <10%

  47. BGP Monitoring Monitoring suspicious route CA computes each route s age CA signs a certificate for routes which have sufficient age. Then network operator have time to react (tradeoff) false positive <-> minimum time

  48. Related Work Using BGP attack is effective at deanonymizing TOR users Sun el al. Raptor: Routing attacks on privacy in Tor, USENIX Security Symposium (2015) Using BGP attack on hijacking bitcoin Apostolaki et al. Hijacking bitcoin: Routing attacks on cryptocurrencies, In IEEE Symposium on Security and Privacy (SP) (May 2017) Using BGP attack to bypass US surveillance laws Arnbak et al. Loopholes for circumventing the constitution: Unrestricted bulk surveillance on americans by collecting network traffic abroad, Mich. Telecomm. & Tech. L. Rev. 21 (2014)

  49. Related Work Using BGP attacks with strategically poisoned AS paths Pilosov and Kapela, Stealing the Internet: An Internet-scale man in the middle attack, NANOG-44, Los Angeles, October (2008) Using BGP attacks on peering links Madory, Use protection if peering promiscuously. https://dyn.com/blog/use-protection-if- peering-promiscuously/, Nov 2014.

  50. Related Work outline a well-known system to detect traditional BGP attacks Lad et al, PHAS: A prefix hijack alert system, In USENIX Security Symposium (2006) generate route filters to prevent BGP attacks Bush et al, The resource public key infrastructure (RPKI) to router protocol, RFC 6810, RFC Editor, January 2013 BGPsec cryptographically assures the validity of BGP paths Lepinski et al, BGPsec protocol specification, RFC 8205, RFC Editor, September 2017 SCION presents a clean slate architecture that would prevent BGP hijacks Zhang et al, An analysis of BGP multiple origin AS (MOAS) conflicts. In ACM SIGCOMM Workshop on Internet Measurement (New York, NY, USA, 2001)

Related


More Related Content