Bitcoins Will Buy BGP Security? Come On…

Here’s another interesting talk from RIPE77: Routing Attacks in Cryptocurrencies, explaining how BGP hijacks can impact cryptocurrencies.

TL&DR: Bitcoin is not nearly decentralized enough to be resistant to simple and relatively easy BGP manipulations.

Is that a BGP problem? Obviously not – it’s just that what people think they know about bitcoin has no basis in reality. According to the talk, all you have to do to disrupt the global bitcoin infrastructure is to take ten prefixes offline. Oh, and then there’s the small matter of “bitcoin messages being propagated unencrypted and without any integrity guarantees.” Looks like the whole thing really was a proof-of-concept that escaped from the lab.

On a totally unrelated note, that talk follows the great recipe a friend of mine working in academia his whole life described decades ago when looking for the topic of his PhD thesis: “Take two unrelated research areas, and find a way to mix them together. You’re almost guaranteed to have something unique and publishable.”

Not unexpectedly, some people quickly latched onto this unique combination, resulting in articles like Real Money Can’t Buy Routing Security… But BitCoin Might. Unfortunately, that’s just wishful thinking.

BGP routing security is a business problem, and there’s orders of magnitude more money made on the Internet the traditional way… yet none of those players are willing to pay the ISPs to build a secure infrastructure and use non-public infrastructure for mission-critical communication. Bitcoin miners might just find it easier to go down that same path.

9 comments:

  1. It seems that you belittle the situation. Route leaking/hijacking is a real problem. But the RPKI thing fails because of the small percentage of participants (how much is the adoption of RPKI?). It's certainly a business problem but that insight doesn't solve the existing problem.
    Replies
    1. You did read the "BGP routing security is a business problem" post I linked to, and the original post by Russ White, did you?

      Route leaking and hijacking is solvable without any new technology (solutions described in RFC 7454 are good enough), if only there would be interest and commercial motivation in solving it. Right now it seems like nobody is willing to foot the bill.
    2. Yes, I read the two posts before. So you would rely on the quality of IRR data and ISPs filtering prefixes for you? Well, tell that to the marines. Why not just do DNSSEC without cryptography?
    3. Why would you not trust the IRR data? Oh wait... because nobody is motivated enough to keep it current... because nobody has the guts (or motivation) to enforce it, apart from Job Snijders.

      And how do you think RPKI will change things? It's just another database that needs to be kept up-to-date, and if nobody is punished for not keeping the data current, nothing will ever change.
    4. And who guarantees that the data from IRR is valid? The users themselves? You must be joking. It's about trust and "not another database to maintain". The problem is the enforcement of the cryptography. No one takes responsibility for that. Same for DNSSEC. If it would be enforced and you don't participate, your public subnets become unreachable through invalidation. I bet you then quickly move your fat fingers to come back online.
    5. > And who guarantees that the data from IRR is valid? The users themselves? You must be joking.

      Why? PGP solved this problem a long time ago using the Web of Trust concept: users validate themselves.

      > If it would be enforced and you don't participate, your public subnets become unreachable through invalidation

      I think that's a trade off between security and usability, and from people with experience using IPSEC and suffering all the weird failures and strange problems, they don't want their sessions failing because of this
    6. Great idea. You know how PGP works? How do you manage let's say 100'000 public keys? How does PGP scale? Maybe you missed the topic it's not about email security.
    7. I think that I'm not missing the topic, just I didn't articulate it well enough :)
      I tried to mean that if you use PGP to do the updates to IRR http://www.radb.net/support/authentication1.php it's reasonably secure, and nobody can add malicious data.
      Then, if you use filters based on the IRR data and you are not updating the data, you have the results that you are proposing:
      > If it would be enforced and you don't participate, your public subnets become unreachable through invalidation. I bet you then quickly move your fat fingers to come back online.

      By the way, PGP keyservers are handling more than 5M keys nowadays https://sks-keyservers.net/status/key_development.php ;)
  2. This comment has been removed by a blog administrator.
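
The filtering outcome argued over in the comments above (filters built from registry data, and what happens to prefixes whose records are stale or missing), as an added Python example that is not part of the original post or of any commenter's text. It classifies announcements with the origin-validation logic of RFC 6811; the registry contents, the names `Record`, `validate` and `accept`, and the `enforce` switch are assumptions made for illustration, and an IRR route object can be modelled in it as a record whose maximum length equals its prefix length.

```python
import ipaddress
from typing import NamedTuple


class Record(NamedTuple):
    """Registry entry shaped like an RPKI ROA: prefix, max length, origin AS."""
    prefix: str
    max_length: int
    origin_asn: int


# Constructed registry (documentation prefixes and ASNs, not real data).
REGISTRY = [
    Record("192.0.2.0/24", 24, 64496),     # kept current by its holder
    Record("198.51.100.0/24", 24, 64497),  # stale: prefix now originated by AS64499
]


def validate(prefix, origin_asn, registry=REGISTRY):
    """Return 'valid', 'invalid' or 'not-found' for one announcement (RFC 6811 logic)."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for rec in registry:
        net = ipaddress.ip_network(rec.prefix)
        if route.version != net.version or not route.subnet_of(net):
            continue  # this record says nothing about the announced prefix
        covered = True
        if route.prefixlen <= rec.max_length and origin_asn == rec.origin_asn:
            return "valid"
    return "invalid" if covered else "not-found"


def accept(prefix, origin_asn, enforce=False, registry=REGISTRY):
    """Import policy: always drop 'invalid'; with enforce=True also drop 'not-found'."""
    state = validate(prefix, origin_asn, registry)
    return state == "valid" or (state == "not-found" and not enforce)


if __name__ == "__main__":
    # Constructed announcements: (prefix, origin AS).
    for prefix, asn in [("192.0.2.0/24", 64496), ("192.0.2.0/25", 64496),
                        ("198.51.100.0/24", 64499), ("203.0.113.0/24", 64500)]:
        print(prefix, f"AS{asn}", validate(prefix, asn),
              "accept" if accept(prefix, asn) else "drop",
              "accept" if accept(prefix, asn, enforce=True) else "drop")
```

The stale record makes the legitimate AS64499 announcement `invalid`, so it is dropped under either policy, while the unregistered 203.0.113.0/24 is dropped only when `enforce=True`.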