So, route authentication: why would you consider it, and what is the technology around it?

So why use route authentication? It provides for two very important things: data origin authentication and data integrity. With data origin authentication you can be fairly certain which routing peer sent the actual update, and with data integrity you know that none of the routing data was modified in transit. Both of these properties alleviate the risk of maliciously intentional TCP resets, which would be very important in BGP, to cause reconvergence, and also alleviate the risk of altering a packet or sending duplicate packets, both of which could have adverse effects on routing infrastructure and either alter the path of the data or render the network unavailable.

Very commonly people use route authentication to alleviate the TCP resets. That is a protocol flaw that could be a problem with BGP, but you do have to think about how realizable this is. To do a malicious TCP reset, an attacker would need to predict the target's choice of the expected sequence number, and the spoofed packet would have to be sent with the reset bit enabled, which then of course would reset the TCP connection and would cause route reconvergence. So you always have to also consider how likely an attack is realizable that you're trying to use a security feature to protect against.

Let's take a look at how plaintext neighbor authentication works. This does not use any kind of cryptographic protection. What happens is that two different routers, let's say I have a router in Santa Cruz and one in Tallinn, each have a database of keys associated with a particular router. If the router from Santa Cruz is sending a routing update to a router in Tallinn, it would add the key that's associated with itself to the routing update. Tallinn would then take a look at the routing update that the Santa Cruz router sent it and look up the key in its database. If both keys match, it would accept the routing update. If the keys don't match, the routing update would be rejected. However, the problem here is that anybody sniffing the wire could be sniffing what the key looks like and then could potentially impersonate some kind of a routing peer.

Much better is to use cryptographic protection, and for route authentication the fundamental building block is a hash function. What is a hash function? It's a mathematical function that takes an input message of arbitrary length and gives an output that is fixed length. The output is called either a hash, a message digest or even a fingerprint. Some of the common algorithms are MD5, which has a 128-bit output, SHA-1, with a 160-bit output, or there are variants of algorithms called SHA-2 that have either 224, 256, 384 or 512-bit outputs. So there are a number of different hash functions. Again, as cryptography improves over time, older algorithms are known to be susceptible to attacks themselves, so you also have to think about which hash function you might want to use.

Some of the properties of hash algorithms are that you cannot deduce the input from the output, and also you can't have two inputs which produce the same output. If these two properties aren't true, that means that there's a potential collision. That's a problem with hash functions, which is why over time you will find that if older algorithms have collisions, newer ones get invented and recommended.

So let's take a look at route authentication and how it typically works using cryptographic protection and a hash function. It's also sometimes called MD5 authentication. Can you guess why? Because MD5 is a commonly known hash function that's used. So let's take a look at how this works. The peer routers would have a shared secret, so think of that as a password configured on both routers. The sending router would then take that shared secret and the routing update and run it through the hash algorithm, let's assume it's MD5, and then you get the output, called a hash or message digest or fingerprint, and with MD5 that would be a 128-bit string. That 128-bit string would then be appended to the routing update, and together they would be sent over the wire to the receiving router.

The receiving router would then take the routing update and hash and keep the hash somewhere in memory. In parallel it would take the shared secret that it has configured, take the routing update, run it through the same hash function, i.e. MD5, and get its own hash output of 128 bits. The computed hash function is then compared to the one it received from the peer router. If they match, the routing update is accepted. If they don't match, the routing update is rejected.

With MD5 authentication, or even SHA-1 if that's something that the router vendor is able to handle, or SHA-2, route authentication using cryptography can be utilized for any routing protocol. There are RFCs on how to do this for OSPF, IS-IS and BGP, and here are some of the configuration examples. As you can see, it's quite simple.

Now, we know that any time you're thinking about using some kind of security feature, you do have to compare the cost of utilizing the security feature that mitigates the risk and make sure that utilizing it is more effective than the cost of what you're actually trying to protect. So is route authentication useful? It really depends on your environment. You do have to think about the operational considerations.

One is rekeying. First of all, how effective is it? Is it seamless from the vendor that you're using, so that when you're actually changing keys, i.e. the passwords, you don't have session loss, which then could cause route recomputation and some downtime? I know that in some environments they're very systematic in terms of how they do the rekeying of their route authentication, and some of them quite frankly haven't done it in years because it's too much of a risk of some downtime.

What is the likelihood that software can have bugs that you can't really deal with? What is the likelihood that, if you have a multi-vendor scenario with multiple different router vendors, there are going to be interoperability issues? You should really look into that. And what is the likelihood that you will have more of an operational risk where devices are misconfigured?

So again, you need to think about this in your own environment. I think in some environments it makes sense, I also think in some it doesn't, and you really have to make that determination for yourself.

Thank you.
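The plaintext and shared-secret hash exchanges described in the talk, as an added Python example that is not part of the original talk or its slides. The function names, the sample update and the sample secret are constructed for illustration, and hashing the update followed by the secret is a simplification; each routing protocol's RFC defines its own exact layout.

```python
import hashlib
import hmac
from typing import Optional

DIGEST_LEN = 16  # MD5 output is 128 bits

def send_plaintext(update: bytes, key: bytes) -> bytes:
    """Plaintext neighbor authentication: the key itself travels with the update."""
    return update + key

def send_keyed_md5(update: bytes, secret: bytes) -> bytes:
    """Sender: hash the update together with the shared secret, append only the digest."""
    digest = hashlib.md5(update + secret).digest()
    return update + digest

def receive_keyed_md5(wire: bytes, secret: bytes) -> Optional[bytes]:
    """Receiver: recompute the digest with the local secret, accept only on a match."""
    if len(wire) < DIGEST_LEN:
        return None  # too short to carry a digest at all
    update, received = wire[:-DIGEST_LEN], wire[-DIGEST_LEN:]
    expected = hashlib.md5(update + secret).digest()
    # Constant-time comparison of the received and locally computed digests.
    return update if hmac.compare_digest(received, expected) else None

# Constructed sample values (documentation address ranges, made-up secret).
SECRET = b"constructed-shared-secret"
UPDATE = b"UPDATE prefix=192.0.2.0/24 next-hop=198.51.100.1"

def demo() -> dict:
    wire = send_keyed_md5(UPDATE, SECRET)
    # Same bytes as sent, but with the next hop altered in transit.
    tampered = wire.replace(b"198.51.100.1", b"198.51.100.9")
    return {
        "key_on_wire_plaintext": SECRET in send_plaintext(UPDATE, SECRET),
        "key_on_wire_keyed_md5": SECRET in wire,
        "accepted": receive_keyed_md5(wire, SECRET) == UPDATE,
        "tampered_rejected": receive_keyed_md5(tampered, SECRET) is None,
        "wrong_secret_rejected": receive_keyed_md5(wire, b"other-secret") is None,
        "truncated_rejected": receive_keyed_md5(wire[:8], SECRET) is None,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
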
© Produced by Philip Smith and the Network Startup Resource Center, through the University of Oregon.
Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)