Resource Certification - A Public Key Infrastructure for IP Addresses and AS's

Geoff Huston, George Michaelson

Asia Pacific Network Information Centre

{gih, ggm}@apnic.net

DRAFT - November 2008

Abstract - X.509 Public Key certificates are typically used to validate attestations related to identity or role. The overwhelming number of large scale deployments seen in public networks serve this purpose. Here, we examine a different form of X.509 certificate that is used to describe IP address and AS number resources and bind them to a public/private key pair. These certificates are used to attest to resource allocation actions, so that digitally signed attestations relating to a party's right-of-use of IP addresses and AS numbers can be validated by relying parties, using a related Resource Certificate Public Key Infrastructure (RPKI). This has particular application in the area of demonstrable attestations related to the right-of-use of IP addresses, and in the area of inter-domain routing security. The issues related to the application of this RPKI to inter-domain routing security are considered, and the design, management and use of resource certificates, and the structure of the related Public Key Infrastructure are described in detail.

Index Terms – BGP security, Inter-domain routing security, X.509, Public Key Infrastructure

Page 1

1. Introduction

In November 2008 the Asia Pacific Network Information Centre (APNIC) announced the release of a public ‘resource certification service’ that makes use of X.509 public key certificates [X.509] to publish public key certificates and associated signed objects that uniquely associate a private key holder with a ‘right-of-use’ of a collection of IP number resources (IPv4 addresses, IPv6 addresses and Autonomous System (AS) Numbers). This APNIC activity forms part of a larger certificate infrastructure effort that is ultimately intended to provide certification for all in-use number resources in the public Internet. This report describes this Resource Public Key Infrastructure (RPKI) in more detail, looking at the various aspects of the design that lie behind the construction of this particular PKI.

2. Motivation

Opinions vary as to what aspect of the Internet's infrastructure represents the greatest common vulnerability to the security and safety of Internet users, but it is generally regarded that the choice is one of the Domain Name System (DNS) or the inter-domain routing system.

Corrupting the name-to-address translation that is provided by DNS resolution services allows for site masquerading and ‘passing off’, traffic redirection, denial of service and other forms of service corruption, and with a selective attack on the DNS (i.e., one that harms only a subset of the global internet, perhaps to a single client, or users of a single DNS resolver) the problem cannot be seen outside of a very restricted scope. In such an attack on the DNS, the operation of the underlying packet transmission network, when considered as a set of sources and destinations of IP traffic, has not been corrupted, as the attack is directed at the function of mapping from names to the addresses (and vice-versa).

Corrupting routing can lead to a similar set of undesirable outcomes, including traffic inspection as well as masquerading, denial of service and selective corruption of services. It has also been argued that the deliberate corruption of routing makes DNS interception and corruption easier to undertake, and very probably harder to detect. On this basis routing is often positioned as the more critical security vulnerability of the two, and potentially the most critical security vulnerability of the Internet. It is certainly the case that corrupting the routing system to advertise an additional ‘rogue’ instance of a set of anycast name servers, and, in particular of a root name server, allows for a large set of consequent attacks that are based on DNS corruption [Chakrabarti 2002]. Others see the widely distributed trust model that lies behind the DNS as the most readily exploitable vulnerability, and argue that the DNS is the weaker link, as DNS attacks can be carefully crafted to selectively poison particle name resolvers with corrupt address information for a selected set of domain names [Kaminsky 2008]. Irrespective of any individual preference here, both realms, the DNS and routing, represent a continuing source of vulnerability for all users of the Internet. Both are therefore worthy of protection.

This is obviously not a novel observation, and measures to secure the operation of both the DNS and inter-domain routing have been considered by the Internet technical and engineering community for over a decade now. In the case of the DNS the preferred longer term approach is the universal adoption of DNSSEC [RFC4033]. By using public / private key technology, and exploiting the hierarchical structure of the DNS namespace, DNSSEC creates an interlocking key structure that allows a DNS end user to validate a response to a DNS query. With a single point of trust in the public key associated with the private key used to sign the root of the DNS it is possible, in a comprehensive DNSSEC world, to validate any DNS response, and even to validate a negative response of no such domain. At the same time as the technology for securing the DNS was being developed a similar study was underway with respect to securing the inter-domain routing system, which is, in turn, focussed on securing the operation of the predominant inter-domain routing protocol, the Border Gateway Protocol (BGP) [RFC4271].

Just as in the DNS, an attractive approach to constructing an interlocking key structure in the address real is to leverage the strictly hierarchical nature of internet number resource assignment in constructing a corresponding PKI.

Securing the routing system requires a number of measures, including:

-securing access to routers to prevent unauthorized access and malicious reconfiguration,

-securing the connection between routing-active agents to prevent disruption of the communication channel used by the routing protocol, and

-validation of the protocol payload to detect efforts to inject false information into the routing system.

Each of these measures to secure routing requires a different form of response in terms of security infrastructure [Huston 2005].

Securing the routing devices themselves is normally undertaken by ‘shared secret’ mechanisms that secure the channel used to access the router (such as the secure shell protocol, ssh) as well as shared secret mechanisms to secure access to the device (access and authentication) and access parts of the device's configuration state (access permissions). This form of protection is basic, and widely deployed. It lies outside the scope of this report.

Securing the BGP communications channel is a specific instance of a more general function of securing a long-held TCP session, and approaches to this typically use MD5, and studies on the applicability of IPSEC have been undertaken. Again, this is not a consideration of this report.

The third objective in the above list encompasses the objective of enabling BGP speakers to validate the authenticity and validity of the routing information that is passed to them by a BGP ‘peer’. This routing information is in the form of assertions of reachability of address prefixes, and assertions of an associated ‘vector’ of AS's that form the AS Path attribute. The validation questions that apply to this routing information include:

-Is this prefix a valid prefix to advertise into the routing system?

-Has the holder of the "right-of-use" of this address prefix authorized the originating AS to perform this advertisement?

-Did the authorized AS actually originate this route object?

-Does the AS Path of the route object represent the sequence of AS's through which the route object has been propagated?

-Are all the AS's in the AS Path valid?

-Does the next hop address represent a feasible forwarding path to reach the address prefix?[1]

-Does the forwarding path represent a series of switching decisions that are consistent with the local traffic forwarding policies at each step in the path?

The questions of potential relevance to the RPKI relate to establishing the validity of address prefixes and AS's, and the validity of authorities and attestations that are being made by the holders of addresses and AS's.

The objective of the RPKI is therefore to provide a means of validation of the authenticity of an IP address or AS. This authenticity means being able to determine that the address or AS number has been validly allocated or assigned, and that the address can be announced into the routing system and that the AS number can be used within the attributes of the routing information systems. In addition, the RPKI can validate the association between an address or AS number and its current right-of-use holder. This validation function can be interpreted as a validation of a title over the right-of-use of addresses, and this function of validation of title is expected to be of utility in a number of areas, and not strictly limited to that of routing-protocol security.

3. Prior Work in Routing Security

The initial approach that was used to provide some level of certainty regarding the legitimacy of the use of IP addresses in the routing system was the IP address allocation registry (and subsequently the AS number allocation registry), originally administered by the Internet Assigned Numbers Authority (IANA), and now undertaken by the five Regional Internet Registries (RIRs) as well as the IANA. The IANA now published registries for IPv4 address allocations, IPv6 allocations and AS number allocations. With some exceptions the IANA registries simply list the allocations to RIRs. The RIR registries collectively contain the current list of all validly allocated number resources and the details of the identity of the party to whom the resources were allocated.

There are some issues in using this published registry information to validate the authenticity of the use of number resources in a routing context and to authenticate the routing information with the registry-published details of the party to whom the resource was allocated or assigned:

-the RIR registry data is published in its complete form only under terms of a research agreement, due to community concerns over data mining of the registry

-the available query tool, "whois" [RFC3912], is insecure and readily disrupted by a number of forms of attack

-the query servers generally restrict the query rate from any single client, due to these same community concerns

-the collection of registry data is incomplete and out of date in certain parts, and inconsistencies between different published "whois" entries have to be resolved by hand.

It appears to be a poor choice to use only whois queries to underpin a framework for secure routing for the Internet. Even if it were the case that the underlying registry data was to be corrected and all inconsistencies removed, the issues related to insecurity of access and inability to validate the data essentially relegate this "raw" registry data as unusable in any real time context of routing security.

A refinement to this approach is to refine the registry concept into "routing registries". Internet Routing Registries (IRRs) are registries than contain, in addition to information relating to AS numbers and IP addresses, structured entries that relate to the AS adjacencies that exist in the routing space and the applicable routing policies that AS's apply to these adjacencies. IRRs also contain entries that describe origination of routing information, binding together an address prefix and an originating AS. IRRs, by common agreement, use the RPSL [RFC2622] notation, an object model based on textual "type: value" descriptive fields. The major operational use for IRRs has been in the construction and maintenance of automated routing filters for inter-domain routers. By traversing an IRR, matching AS import and export routing policies, joining the inferred propagation information to the IRR-declared prefix origination for each AS, it is possible to construct the list of all prefixes that an adjacent AS may announce to its peer. From that complete list of possible announced prefixes a filter list can be constructed, which allows the local BGP instance the ability to declare any other routing information as "unauthorised" and filter it out of consideration.

In terms of positive attributes, this system has been able to prevent accidental route leaks from propagating out into the inter-domain routing space, and it ensures that routes are added into the routing system via a deliberative process rather than as an accidental outcome. However, IRRs are not used universally, and the partial use of IRR systems limits their general applicability, and this approach has had a number of problems:

  • There is no method of authenticating the data retrieved from an IRR, and most methods of access to an IRR are unsecured. Having sourced IRR data, once dissociated from its point of publication there is no clear method to identify where it came from, and thus what level of trust to place in it.
  • There are many IRRs and each have differing policies of admission, and can hold differing data. There is no capability to ensure consistency of information across IRRs.
  • The IRR publication model is not inherently secure and very few IRRs implement a strict condition that IRR data should be derived from allocation registry data. IRRs use differing admission policies, the publication model is insecure and therefore there is no easy method for a client of an IRR to establish the currency and accuracy of IRR data [Steenbergen 2008].

Overall, the trust model of the IRRs appears to relate to trust in the data admission policies of the IRR, which, in turn, places an undue level of reliance in the location of publication of the data as distinct from establishing trust through explicit validation of the data. Efforts to improve this situation were studied in the late 1990s, but few IRRs have implemented the measures proposed by this Routing Policy System Security study [RFC2725].

Work has also focussed on the operation of BGP in an effort to secure the operation of the protocol and validate the contents of BGP Update messages. These studies have used a number of approaches to provide the appropriate validation mechanism, including referral to the DNS and the potential use of DNSSEC, "web of trust" techniques, simple signed assertions and (the focus of this report) by reference to an external certificate hierarchy that is aligned to the resource allocation hierarchy. Some major contributions in this area of study so far include sBGP [Kent 2000], soBGP [White 2003], psBGP [Oorschot 2007] , IRR [Goodell 2003], and the use of an AS RR in the DNS, signed by DNSSEC [Bates 1998].

The common factor in these approaches is that they all require as a basic input a means of validating two basic assertions relating to origination of a route into the inter-domain routing system:

1)that the IP address block and the AS numbers being used are valid to use, and

2)that the parties using these IP addresses and AS numbers are properly authorized to so do.

The mechanisms proposed to perform this validation vary from simple assertion through peer corroboration through to a comprehensive resource PKI. It appears that the proposals that rely on the existence of a comprehensive resource PKI do so in the face of the obvious fact that until now, no such PKI exists today. It appears that in most cases the proposals that make use of weaker models of assertion and web of trust could be replaced by a resource PKI with no loss of functionality and a significant improvement in the level of trust that could be placed in the outcome of the validation process. The essential common approach is to provide an associated "feed" of signed credential information, which could be used to validate the feed of routing information, and validation of these credentials could be performed through the RPKI.

4. Resource Certificates and the Resource Public Key Infrastructure

Resource Certificates are X.509 certificates that conform to the PKIX profile [RFC5280] and that also contain a mandatory certificate extension that lists a collection of IP resources (IPv4 addresses, IPv6 addresses and AS Numbers) [RFC3779]. These certificates attest that the certificate’s issuer has granted to the subject a unique “right-of-use” of the associated set of IP resources by virtue of a resource allocation action. The certificates are not identity attestation certificates, nor are they role authority certificates, nor are they instances of permission certificates. The certificates do not attest to the identity of the certificate’s subject. The unique “right-of-use” concept mirrors the resource allocation framework, where the certificate provides a means of third-party validation of assertions related to resource allocations. By coupling the issuance of a certificate by a parent CA to the corresponding resource allocation, a test of the certificate validity including the RFC3779 extension can also be interpreted as validation of that allocation. Signing operations which descend from that certificate can therefore be held to be testable, under the corresponding hierarchy of allocation.

A Resource Certificate describes an action by the certificate issuer that binds a list of IP Address blocks and AS Numbers to the subject of the certificate. The binding is identified by the implicit association of the subject's private key with the subject's public key contained in the Resource Certificate, signed by the private key of the certificate's issuer. Any instrument signed by the subject’s private key that relates to an assertion of resource control can be validated through the matching public key contained in the certificate and validation of the certificate itself in the context of a resource PKI [Lepinski 2008b].