Difference between revisions of "P2pbgpsec"
(→Possible alternative technical approaches) |
|||
Line 89: | Line 89: | ||
* Various suggestions in comments on Scheider's blog post about Renesys artcle, November 2013 | * Various suggestions in comments on Scheider's blog post about Renesys artcle, November 2013 | ||
https://www.schneier.com/blog/archives/2013/11/rerouting_inter.html | https://www.schneier.com/blog/archives/2013/11/rerouting_inter.html | ||
+ | |||
+ | * October 2014: Job Snijders - Golden Prefixes: http://nlnog.com/dag2014/archive/3_nlnogdag2014_job_snijders_bgp_rpki.pdf | ||
=Current solution: RPKI & sBGP= | =Current solution: RPKI & sBGP= |
Revision as of 17:13, 28 October 2014
Projects | |
---|---|
Participants | |
Skills | |
Status | Dormant |
Niche | Software |
Purpose | Infrastructure |
Contents
Peer 2 Peer BGP Security
wiki page for participants of p2p-sec mailing list: https://lists.puscii.nl/wws/arc/p2p-sec
Objectives
- to contribute to creation and implementation of the distributed/decentralized (web-of-trust) BGP security.
- to create connections between people who share simmilar concerns about the upcoming introduction of hierarchical BGP-security structures, based on PKI/X.509 technology
- to provide space for disscussion & exchange of opinions, news, materials
- to co-ordinate the efforts among various groups that work on the above topics
Problem statements
Internet Governance view
- excellent summary by Milton Mueller, Brenden Kuerbis. (2010,09).
"Building a new governance hierarchy: RPKI and the future of Internet routing
- excellent summary by Milton Mueller, Brenden Kuerbis. (2010,09).
and addressing. Retrieved from Internet Governance Project: http://internetgovernance.org/pdf/RPKI-VilniusIGPfinal.pdf
- "Negotiating a New Governance Hierarchy: An Analysis of the
Conflicting Incentives to Secure Internet Routing"
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2021835
Technical view
- How broken is SSL: a talk by Moxie Marlinspike: "SSL And The Future Of Authenticity" at Defcon 2011:
http://www.youtube.com/watch?v=Z7Wl2FW2TcA
- Basic threat scenario: Man in the Middle attack / prefix hijacking,
presented at Defcon, 2008, by Pilosov/Kapela: http://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-pilosov-kapela.pdf
- Enisa report on the routing security: :
- Jeroen Massar's presentaton on Routing Security
- Sharon Goldberg: Should we secure routing with the RPKI (19 September 2013) , Princeton CS
http://www.cs.princeton.edu/ajax/abstract/467
- Is the Juice Worth the Squeeze? BGP Security in Partial Deployment
Robert Lychev, Sharon Goldberg, Michael Schapira. SIGCOMM'13, Hong Kong, China. August 2013.
http://arxiv.org/pdf/1307.2690v1 http://arxiv.org/abs/1307.2690
- Impacting IP Prefix Reachability via RPKI Manipulations
Kyle Brogle, Danny Cooper, Sharon Goldberg and Leonid Reyzin. Boston University Technical Report. January 4, 2013.
http://www.cs.bu.edu/~goldbe/papers/RPKImanip.pdf http://www.cs.bu.edu/~goldbe/papers/RPKImanip.html
- (October 08, 2013) Threat Model for BGP Path Security
http://tools.ietf.org/html/draft-ietf-sidr-bgpsec-threats-07
Heartbleed
Possible alternative technical approaches
- "trust agility", a talk by Moxie Marlinspike: "SSL And The Future Of Authenticity" at Defcon 2011:
http://www.youtube.com/watch?v=Z7Wl2FW2TcA
https://www.eff.org/deeplinks/2011/11/sovereign-keys-proposal-make-https-and-email-more-secure
- October 21, 2013: "Evolving the Web Public Key Infrastructure", IAB Security Program
http://tools.ietf.org/html/draft-tschofenig-iab-webpki-evolution-00
- Various suggestions in comments on Scheider's blog post about Renesys artcle, November 2013
https://www.schneier.com/blog/archives/2013/11/rerouting_inter.html
- October 2014: Job Snijders - Golden Prefixes: http://nlnog.com/dag2014/archive/3_nlnogdag2014_job_snijders_bgp_rpki.pdf
Current solution: RPKI & sBGP
- IETF wg: SIDR (secure InterDomain Routing)
- Software: http://www.rpki.net/
- RIPE NCC: https://www.ripe.net/lir-services/resource-management/certification
- Public discussion in European region: (articles, mailing lists, links)
http://www.ripe.net/lir-services/resource-management/certification/community-development
In the news & blogs
- Malcolm Hutty, from London Internet Exchange:
https://publicaffairs.linx.net/news/?p=6118
- RIPE Members Vote To Continue RPKI Work, Nov 03, 2011 11:44 AM PDT
By Michele Nylon http://www.circleid.com/post/20111103_ripe_members_vote_to_continue_rpki_wo rk/
- RPKI for PI users in RIPE region:
http://www.ripe.net/ripe/mail/archives/ncc-services-wg/2013-March/002212.html
- NANOG: SIngle trust anchor?
http://mailman.nanog.org/pipermail/nanog/2013-August/060199.html
- (after PRISM) "there's a circumstantial case that the NSA and GCHQ are either directly accessing Certificate Authority keys** or else actively stealing keys from US providers, possibly (or probably) without executives' knowledge. This only requires a small number of people with physical or electronic access to servers, so it's quite feasible.*** The one reason I would have ruled it out a few days ago is because it seems so obviously immoral if not illegal, and moreover a huge threat to the checks and balances that the NSA allegedly has to satisfy in order to access specific users' data via programs such as PRISM."
http://blog.cryptographyengineering.com/2013/09/on-nsa.html
- (NSA breaking crypto, SSL, etc, by Schneider )
https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html
- GOVERNMENTS WANT SUSPENDERS FOR SECURE ROUTING (24 September 2013)
- "...allowing the US the power to arbitrarily shut countries off the net is [...] what deployment of DNSSEC and the rPKI under the current models would do.
- CSRIC/ Secure BGP deployment, March 2013 http://www.renesys.com/wp-content/uploads/2013/05/CSRIC-III-WG6-Presentation-20130314.pdf
- IETF in Vancouver, Sept-November 2013:
https://www.schneier.com/blog/archives/2013/09/take_back_the_i.html http://www.ietf.org/blog/2013/09/security-and-pervasive-monitoring/ http://www.ietf.org/blog/2013/11/strengthening-the-internet/ http://www.ietf.org/blog/2013/11/we-will-strengthen-the-internet/ http://www.ietf.org/media/2013-11-07-internet-privacy-and-security.html http://www.economist.com/news/science-and-technology/21589383-stung-revelations-ubiquitous-surveillance-and-compromised-software/
- EXCELLENT OVERVIEW, philosophically, ethically & technically : http://geer.tinho.net/geer.uncc.9x13.txt
.Tradeoffs in Cyber Security .Dan Geer, 9 October 13, UNCC
- December 21013: http://www.internetsociety.org/blog/2013/12/resilience-commons-addressing-routing-security-challenges
Meshnets media
See also: Privacy_Software_Workshop_Series#Mesh_networks
& http://wiki.techinc.nl/index.php/Privacy_Software_Workshop_Series#Mesh_networks
- Becha's article with many links:
http://becha.home.xs4all.nl/hackers-philosophers-utopian-network-dec-2012-becha.pdf