Route Leaks & MITM Attacks Against BGPSEC
draft-ietf-grow-simple-leak-attack-bgpsec-no-help-00

The information below is for an old version of the document.
Document Type: Active Internet-Draft (grow WG)
Last updated: 2013-05-06
Stream: IETF
Intended RFC status: (None)
WG state: WG Document
Document shepherd: None
IESG state: I-D Exists
Consensus Boilerplate: Unknown
Responsible AD: (None)
Send notices to: (None)
GROW                                                        D. McPherson
Internet-Draft                                            Verisign, Inc.
Intended status: Informational                                 S. Amante
Expires: September 23, 2013                 Level 3 Communications, Inc.
                                                            E. Osterweil
                                                          Verisign, Inc.
                                                          March 22, 2013

               Route Leaks & MITM Attacks Against BGPSEC
          draft-ietf-grow-simple-leak-attack-bgpsec-no-help-00

Abstract

   This document describes a very simple attack vector that illustrates
   how RPKI-enabled BGPSEC machinery as currently defined can be easily
   circumvented in order to launch a Man In The Middle (MITM) attack via
   BGP.  It is meant to serve as input to the IETF's Secure Inter-Domain
   Routing working group during routing security requirements
   discussions and subsequent specification.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 23, 2013.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect

McPherson, et al.      Expires September 23, 2013               [Page 1]
Internet-Draft                 Route Leaks                    March 2013

   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3
   2.  Discussion  . . . . . . . . . . . . . . . . . . . . . . . . . . 3
   3.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . 5
   4.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5
   5.  Security Considerations . . . . . . . . . . . . . . . . . . . . 5
   6.  Informative References  . . . . . . . . . . . . . . . . . . . . 6
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . . . 6


1.  Introduction

   This document describes a very simple attack vector that illustrates
   how RPKI-enabled BGPSEC [I-D.ietf-sidr-bgpsec-protocol] machinery, as
   currently defined, can be easily circumvented in order to launch a
   Man In The Middle (MITM) attack via BGP [RFC4271].  It is meant to
   serve as input to the IETF's SIDR Working Group during routing
   security requirements discussions and subsequent specification.

   This draft shows evidence that the attack vector described herein is
   extremely common, with over 9.6 million candidate instances being
   recorded since 2007.  As a result of this evidence (and additional
   contextual knowledge), the authors believe the capability to prevent
   leaks and MITM leak-attacks should be a first-order engineering
   objective in any secure routing architecture.

   While a formal definition of route leaks has proven elusive in the
   literature, their rampant occurrence and the persistent operational
   threats they pose have proven to be anything but elusive.  This
   document is intended to serve as an existence proof for this threat
   vector, and any supplementary formal models are left for future work.

2.  Discussion

   In order to understand how a MITM attack can be launched with this
   attack vector, assume a multi-homed Autonomous System (AS), AS1,
   connects to two ISPs (ISP1 & ISP2), and wishes to insert itself in
   the data-path between a target network (prefix P) connected to ISP2
   and systems in ISP1's network in order to launch a Man In The Middle
   (MITM) attack.  Further, assume that an RPKI-enabled BGPSEC
   [I-D.ietf-sidr-bgpsec-protocol] as currently defined is fully
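The draft's scenario (AS1 multi-homed to ISP1 and ISP2, target prefix P reached via ISP2) is cut off on this page. As an added example that is not part of the draft, the following Python models why a BGPSEC-style signature chain accepts the leaked path ORIGIN -> ISP2 -> AS1 -> ISP1 (every AS genuinely signed its hop) while a relationship-based valley-free check flags it as a leak; the keys, the (provider, customer) table and the HMAC hop signature are constructed simplifications, not the BGPSEC wire format.

```python
import hashlib
import hmac

# Constructed per-AS signing keys (stand-ins for BGPSEC router keys).
KEYS = {"ORIGIN": b"k-origin", "ISP2": b"k-isp2", "AS1": b"k-as1", "ISP1": b"k-isp1"}
# Constructed (provider, customer) pairs: AS1 multi-homed to ISP1 and ISP2; origin of P under ISP2.
PROVIDER_OF = {("ISP1", "AS1"), ("ISP2", "AS1"), ("ISP2", "ORIGIN")}

def sign_hop(prefix, signer, target, prev_sig):
    # Simplified hop signature: signer vouches for forwarding prefix to target,
    # chained over the previous hop's signature.
    msg = f"{prefix}|{signer}|{target}|{prev_sig}".encode()
    return hmac.new(KEYS[signer], msg, hashlib.sha256).hexdigest()
def build_signed_path(prefix, path):
    # path is in announcement order, origin first; each AS signs toward the next.
    sigs, prev = [], ""
    for signer, target in zip(path, path[1:]):
        prev = sign_hop(prefix, signer, target, prev)
        sigs.append(prev)
    return sigs
def bgpsec_path_valid(prefix, path, sigs):
    # Re-derive every hop signature; a mismatch means a forged or altered path.
    prev = ""
    for (signer, target), sig in zip(zip(path, path[1:]), sigs):
        prev = sign_hop(prefix, signer, target, prev)
        if not hmac.compare_digest(prev, sig):
            return False
    return len(sigs) == len(path) - 1
def hop_direction(a, b):
    # Announcement a -> b goes "up" to a provider, "down" to a customer, or to a "peer".
    if (b, a) in PROVIDER_OF:
        return "up"
    return "down" if (a, b) in PROVIDER_OF else "peer"
def is_valley_free(path):
    # Export rule: once a route has gone down or sideways it must never go up again.
    # AS1 re-exporting ISP2's route (down) to ISP1 (up) violates it despite genuine signatures.
    climbing = True
    for a, b in zip(path, path[1:]):
        d = hop_direction(a, b)
        if d != "down" and not climbing:
            return False
        if d != "up":
            climbing = False
    return True
def classify(prefix, path, sigs):
    # BGPSEC answers only the first question; the leak needs relationship data it lacks.
    if not bgpsec_path_valid(prefix, path, sigs):
        return "invalid-signature"
    return "ok" if is_valley_free(path) else "leak"
```

For the path ORIGIN -> ISP2 -> AS1 -> ISP1, `classify("P", leak, build_signed_path("P", leak))` returns "leak" even though `bgpsec_path_valid` is True; substituting a hop in the signed chain returns "invalid-signature", which is the only failure BGPSEC itself detects.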